Language Selection

English French German Italian Portuguese Spanish

July 2019

GNOME Desktop/GTK Leftovers

Filed under
GNOME
  • Andrei Lisita: Almost there

    All good things come to an end and so does the 2019 Google Summer of Code. With the last coding period having officially started my project is slowly approaching it’s last commit.

    Lately I have been working mostly on various issues regarding the looks and the behavior of the Savestates Manager, but there are also two new visible UI changes...

  • g_assert_finalize_object() in GLib 2.61.2

    One more API in this mini-series! g_assert_finalize_object(), which is available in GLib 2.61.2, which was released today.

    This one’s useful when writing tests (and only when writing tests). It’s been put together by Simon McVittie to implement the common pattern needed in tests, where you want to unref a GObject and assert that you just dropped the final reference to the object — i.e., check that no references to the object have been leaked in the test.

  • Finally TagEditor!

    After a lot of Merge Requests related with MBIDS and AcoustID, finally I started working on acoustid plugin.

    Before the logic was to return the recording with most sources. Now, we need to return multiple results. We need to retrieve first release belonging to each release group of each recording which matched with the given chromaprint.

Security: Cyberattack on Elasticseach, Available Updates, AT&T Liability and New HardenedBSD Release

Filed under
Security
  • Cyberattack on Elasticseach Databases turns DBs into Zombies/Botnets

    Recently a new cyberattack added into the list of Elasticsearch which is making Elasticsearch databases into Zombies or botnets.

    There is a list of attacks conducted on Elasticsearch databases in the past few years. The new one raises more tension among security experts due to its complexity and use of different tactics to evade security system and carry forward the attack successfully.

    Elasticsearch is a popular tool that helps companies managing billions of records in the database easily. Its source code is open and big companies like Netflix, Uber, Dell, and Adobe are already using Elasticsearch. I hope you now have an idea of how important it is for hackers to find vulnerabilities in this tool and exploit them to gain systems control.

    Recently, Trend Micro, a cybersecurity company revealed hackers have targetted publicly available Elasticsearch databases by delivering a backdoor as a payload.

    The attack requires multiple scripts to be executed on the system, starting from disabling the system firewall and stopping all the crypto mining processes running on the system. Once these tasks are completed successfully then hackers download another script to the server from a compromised or a grey website.

  • Security updates for Monday

    Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox).

  • Court Will Decide If AT&T Is Liable For Cryptocurrency Theft Caused By Shoddy Security

    Wireless carriers are coming under increasing fire for failing to protect their users from SIM hijacking. The practice involves posing as a wireless customer, then fooling a wireless carrier to port the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Back in February, a man sued T-Mobile for failing to protect his account after a hacker pretending to be him, ported out his phone number, then managed to use his identity to steal thousands of dollars worth of cryptocoins.

    T-Mobile customers aren't the only users who've experienced this problem. US entrepreneur and cryptocurrency investor Michael Terpin sued AT&T last summer (pdf) for the same thing: somebody ran a SIM hijacking scam on AT&T, then stole his identity and, in turn, stole $23.8 million in cryptocurrency.

  • Stable release: HardenedBSD-stable 12-STABLE v1200059.2

Python Programming: Python Fire, Python's Mypy, PyPy JIT, "PyDev of the Week"

Filed under
Development
  • Python Fire v0.2.0 CLI library upgrades with new improvements

    Python Fire turns up with a new update. The latest release, version v0.2.0 adds some new improvements. This library auto-generates command line interfaces (CLI) from any Python object. You can call Fire on Python functions, classes, objects, dicts, or anything else!
    Python Fire heats things up with one spicy command: Fire. This open source library automatically generates command line interfaces from any Python object. It can be used as a tool for developing and debugging by calling Fire in the library.

    The latest release arrived on July 26, 2019. Version 0.2.0 improves a few things and makes some tweaks to the library. Let’s fan the flames and see what’s included in the update, as well as some uses and benefits.

  • Python's Mypy: Callables and Generators

    In my last two articles I've described some of the ways Mypy, a type checker for Python, can help identify potential problems with your code. [See "Introducing Mypy, an Experimental Optional Static Type Checker for Python" and "Python's Mypy—Advanced Usage".] For people (like me) who have enjoyed dynamic languages for a long time, Mypy might seem like a step backward. But given the many mission-critical projects being written in Python, often by large teams with limited communication and Python experience, some kind of type checking is an increasingly necessary evil.

    It's important to remember that Python, the language, isn't changing, and it isn't becoming statically typed. Mypy is a separate program, running outside Python, typically as part of a continuous integration (CI) system or invoked as part of a Git commit hook. The idea is that Mypy runs before you put your code into production, identifying where the data doesn't match the annotations you've made to your variables and function parameters.

    I'm going to focus on a few of Mypy's advanced features here. You might not encounter them very often, but even if you don't, it'll give you a better picture of the complexities associated with type checking, and how deeply the Mypy team is thinking about their work, and what tests need to be done. It'll also help you understand more about the ways people do type checking, and how to balance the beauty, flexibility and expressiveness of dynamic typing with the strictness and fewer errors of static typing.

  • PyPy JIT Now Running Well On 64-Bit ARM For Faster Performance

    Thanks to funding from Arm Holdings and Crossbar, the PyPy folks working on their speedy Python JIT implementation have extended it to support 64-bit ARM (AArch64) with compelling performance results.

    This performance-oriented Python implementation now supports x86, x86_64, PowerPC 64-bit, s390, ARM 32-bit, and now ARM 64-bit.

  • Mike Driscoll: PyDev of the Week: Ines Montani

    This week we welcome Ines Montani (@_inesmontani) as our PyDev of the Week! Ines is the Founder of Explosion AI and a core developer of the spaCy package, which is a Python package for Natural Language Processing. If you would like to know more about Ines, you can check out her website or her Github profile. Let’s take a few moments to get to know her better!

Debian Outs First Linux Kernel Security Update for Debian GNU/Linux 10 "Buster"

Filed under
Security
Debian

Released earlier this month, the latest Debian GNU/Linux 10 "Buster" operating system just got its first Linux kernel security update, which addresses a security flaw (CVE-2019-13272) discovered by Google Project Zero's Jann Horn in Linux kernel's ptrace subsyste, which could let a local user obtain root privileges.

"Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios," reads the security advisory published by Salvatore Bonaccorso last week.

Read more

Vulkan and Khronos News

Filed under
Graphics/Benchmarks

Radeon RX 5700 / RX 5700 XT Linux Gaming Performance With AMDGPU 5.3 + Mesa 19.2-devel

Filed under
Graphics/Benchmarks
Gaming

Now that the flow of initial Navi fixes and optimizations has settled down for both the AMDGPU DRM kernel driver and the Mesa RADV/RadeonSI user-space driver components, here is a look at AMD Radeon RX 5700 and RX 5700 XT graphics card performance on Ubuntu Linux at the end of July, now three weeks after these 7nm graphics cards first shipped.

This round of testing features the Navi Radeon RX 5700 series tested with the very latest Linux 5.3 development kernel as of this past weekend, which is the first kernel featuring this Navi support. Since the initial merge earlier this month, there have already been some Navi 10 fixes that followed. On the OpenGL/Vulkan driver side, Mesa 19.2-devel is branching in early August and now has decent support for the Radeon RX 5700 series in place. Since the earlier RadeonSI support and the RADV Vulkan driver support that landed on launch day, there has continued to be a number of fixes to land, various new features, and different driver performance optimizations.

Read more

Microsoft Under Fire for GitHub Imperialism

Filed under
Microsoft
  • GitHub developers restricted in Crimea, Cuba, Iran, and other regions under U.S. sanctions

    GitHub placed new restrictions on developers in Crimea, Cuba, Iran, North Korea, and Syria. Developers face restrictions as a result of U.S. trade sanctions. Private repositories (repos) and paid accounts are under these new restrictions, but public repos are still available, and open-source repos are unaffected. Several reports surfaced over the weekend of developers being affected by the restrictions (via The Verge).

  • Yellow badges are back. This time not by Nazi Germany & not for Jews, but by U.S. tech companies

    Three days ago (Jul 25, 2019), when GitHub blocked my account, I noticed that there is an ugly fixed yellow warning on every single page of GitHub for me (as a blocked user). The warning message had no close button. I want to call it “Digital yellow badge” but this time it’s not for Jews, it’s for people who born & live in countries like Iran.

  • GitHub restricts developer accounts based in Iran, Crimea, and other countries under US sanctions

    At least one developer who was affected by the action was told that the company was not “legally able” to provide an export of the disabled repository content. Friedman added that the company does not believe it is legally able to provide advance notice of these restrictions, but he said that users can choose to make their private repos public to gain access and clone them.

Linux Lite 4.6 RC1 Released

Filed under
GNU
Linux
  • Linux Lite 4.6 RC1 Released

    Linux Lite 4.6 RC1 is now available for testing.

  • Linux Lite 4.6 Enters Development Based on Ubuntu 18.04.2 LTS, Here's What's New

    Linux Lite creator Jerry Bezencon announced today that the Linux Lite 4.6 operating system is now in development, giving the community an early taste of what's coming in the next major release of this Ubuntu-based OS.

    Highlights of the Linux Lite 4.6 release include a new theme selector in the Lite Welcome tool to make it easier for newcomers to select between the Light and Dark themes, along with a new Keyboard and Num Lock sections. Moreover, the Lite Sources utility has been updated with comments only about the Linux Lite repositories.

    Another interesting addition to Linux Lite 4.6 is the CPU Performance mode plugin from the Xfce desktop environment (xfce4-cpufreq-plugin), which is now available as an option for the system tray. Users can select it and move it wherever they want by right-clicking on the Taskbar, then go to Panel > Add new items > CPU Frequency Monitor.

  • Linux Lite 4.6 RC1 is here

    Summertime is great, isn't it? I mean, who doesn't like fun in the sun? Many, actually. While I do enjoy the outdoors and the beach, I am certainly more comfortable in front of a computer. And I am definitely not alone. If you are the same way, don't apologize for it -- embrace it! There's nothing wrong with being a homebody.

    For instance, today, rather than go outdoors and risk being injured by the sun, why not install a Linux-based operating system instead? Hell, get even nerdier and geekier and install a pre-release Linux distro! There's a new such OS available for testing that you should try -- the Ubuntu-based Linux Lite 4.6 RC1.

Librem 5 Smartphone – Final Specs Announced

Filed under
Gadgets
  • Librem 5 Smartphone – Final Specs Announced

    We are proud to unveil the final specifications for the Librem 5 smartphone, set to begin shipping in Q3 of 2019.

  • Librem 5 privacy-focused Linux phone specs finalized as pre-orders begin

    Despite the growing number of evidence and cases of mobile software that blatantly violate user privacy, it’s almost impossible to imagine life these days without a smartphone. While hardcore privacy advocates might be able to ditch their mobile device for good, there are some that try to promise the best of both mobile and privacy worlds. One of those is Purism who has finally finalized the specs and features of its crowdfunded privacy-respecting Librem 5 phone.

    [...]

    The question now is whether all of that is enough to justify a $699 price tag. For those who answer a resounding “yes”, an early bird pre-order will shave $50 off that price for $649 only until July 31. As for the shipping date, that is still unannounced for both those pre-orders and, more importantly, the original backers back in 2017.

  • Purism Reveals Final Hardware Specs of the Privacy-Focused Librem 5 Linux Phone

    Purism, the company behind the powerful Linux-based laptops known as the Librem computers, announced today the final hardware specifications of their upcoming Librem 5 Linux smartphone.

    As you probably are already aware, Purism is working for some time on a Linux-powered smartphone, which the company calls Librem 5. Designed from the ground up to be privacy and security-aware, the Librem 5 Linux phone is currently scheduled for launch in Q3 2019, after it's been delayed a couple of times.

  • Purism Finally Announces The Firmed Up Specifications For The Librem 5 Smartphone

    It still remains to be seen if Purism will be able to ship the Librem 5 Linux smartphone this quarter as is their current revised target, but at least today they are publishing the finalized specifications for the phone's hardware.

    While we've long known of their plans to use the i.MX8 SoC and other components, items like the phone's cameras, battery capacity, and even RAM were not known until now.

More in Tux Machines

Free Software and More

  • The Apache News Round-up: week ending 15 October 2021

    Happy Friday, everyone. The Apache community has had another great week.

  • The Intelligent Edge – Coming Soon to Arm DevSummit 2021 [Ed: What a ridiculous coredump of mindless buzzwords by SUSE]

    For those of us not keeping score, we’re at the cusp of a technology shockwave that will fundamentally change the way we live, work, and interact with each other. Some call it the fourth industrial revolution (I4). While the third industrial revolution was all about process and product automation, the fourth industrial revolution (from an IT perspective) will center on the fusion of IT and OT.

  • Five of Monday's 'All Things Open' Presentations We Wouldn't Miss - FOSS Force

    If you couldn’t make it to Raleigh, North Carolina to attend this year’s All Things Open, you’re in luck. You can go to the conference’s web site and register for the free online version of the event, which will include live streaming of all presentations happening at the event (including all keynotes), as well as a large number of prerecorded presentations that were put together specifically for the online audience. That’s how we at FOSS Force are planning on attending this year, although downtown Raleigh is only a couple of hours away by car.

  • Community Member Monday: Hlompho Mota

    I am a native of Lesotho, and a dreamer and a person who aspires to make changes. Currently I’m working in a business that serves other businesses in Lesotho to get recognition in the market, and generally grow to become more self-reliant. Other than my business, I do try and dabble in technology and try to understand how it works – and get a sense on how it can be relevant in the area of life that I live in at this moment. But besides that, I consider myself as lifelong learner and I hope that the learning will continue for the rest of my life. Currently, I’m a self-taught developer trying to participate in as many open-source projects as possible, with the hope of bringing much-needed development to my part of the world.

Programming Leftovers

  • Use KPNG to Write Specialized kube-proxiers

    The post will show you how to create a specialized service kube-proxy style network proxier using Kubernetes Proxy NG kpng without interfering with the existing kube-proxy. The kpng project aims at renewing the the default Kubernetes Service implementation, the "kube-proxy". An important feature of kpng is that it can be used as a library to create proxiers outside K8s. While this is useful for CNI-plugins that replaces the kube-proxy it also opens the possibility for anyone to create a proxier for a special purpose.

  • Dirk Eddelbuettel: dang 0.0.14: Several Updates

    A new release of the dang package arrived at CRAN a couple of hours ago, exactly eight months after the previous release. The dang package regroups a few functions of mine that had no other home as for example lsos() from a StackOverflow question from 2009 (!!), the overbought/oversold price band plotter from an older blog post, the market monitor from the last release as well the checkCRANStatus() function recently tweeted about by Tim Taylor. This release regroups a few small edits to several functions, adds a sample function for character encoding reading and conversion using a library already used by R (hence “look Ma, no new depends”), adds a weekday helper, and a sample usage (computing rolling min/max values) of a new simple vector class added to tidyCpp (and the function and class need to get another blog post or study …), and an experimental git sha1sum and date marker (as I am not the fan of autogenerated binaries from repos as opposed to marked released meaning: we may see different binary release with the same version number).

  • Rakudo Weekly News: 2021.42 Learning With

    Daniel Sockwell was inspired by a blog post a few weeks ago about a bouncing balls demo. The result is a new framework for learning Raku, but this time with some nice graphics: Learn Raku With: HTML Balls. Apart from the technical points, it’s also a great way (for people without much programming experience) to get involved with Raku while creating graphics and animations, rather than textual output. Check it out!

  • Russ Allbery: rra-c-util 10.0

    It's been a while since I pushed out a release of my collection of utility libraries and test suite programs, so I've accumulated quite a lot of chanages. Here's a summary; for more, see the NEWS file.

  • 1.56.0 pre-release testing | Inside Rust Blog

    The 1.56.0 pre-release is ready for testing. The release is scheduled for this Thursday, October 21th. Release notes can be found here.

  • Apple Announces The M1 Pro / M1 Max, Asahi Linux Starts Eyeing Their Bring-Up

    Apple today announced the M1 Pro and M1 Max as their most powerful SoCs ever built by the company. The new chips feature up to a 10-core processor, 32-core GPU, and up to 64GB of unified memory. While the Apple M1 was already well regarded for its speed, the M1 Pro and M1 Max are said to deliver up to 70% faster CPU performance than last year's M1. Meanwhile the GPU within the M1 Pro is up to 2x faster than the M1 while the M1 Max's GPU is said to be 4x faster.

Mozilla Firefox: Spyware, Password Loggers, and Performance Monitoring

  • This Week in Glean: Designing a telemetry collection with Glean

    (“This Week in Glean” is a series of blog posts that the Glean Team at Mozilla is using to try to communicate better about our work. They could be release notes, documentation, hopes, dreams, or whatever: so long as it is inspired by Glean.) All “This Week in Glean” blog posts are listed in the TWiG index). Whenever I get a chance to write about Glean, I am usually writing about some aspects of working on Glean. This time around I’m going to turn that on its head by sharing my experience working with Glean as a consumer with metrics to collect, specifically in regards to designing a Nimbus health metrics collection. This post is about sharing what I learned from the experience and what I found to be the most important considerations when designing a telemetry collection. I’ve been helping develop Nimbus, Mozilla’s new experimentation platform, for a while now. It is one of many cross-platform tools written in Rust and it exists as part of the Mozilla Application Services collection of components. With Nimbus being used in more and more products we have a need to monitor its “health”, or how well it is performing in the wild. I took on this task of determining what we would need to measure and designing the telemetry and visualizations because I was interested in experiencing Glean from a consumer’s perspective.

  • Firefox Add-on Reviews: How to choose the right password manager browser extension

    All good password managers should, of course, effectively secure passwords; and they all basically do the same thing—you create a single, easy-to-remember master password to access your labyrinth of complex logins. Password managers not only spare you the hassle of remembering a maze of logins; they can also offer suggestions to help make your passwords even stronger. Fortunately there’s no shortage of capable password protectors out there. But with so many options, how to choose the one that’ll work best for you? Here are some of our favorite password managers. They all offer excellent password protection, but with distinct areas of strength.

  • Mozilla Performance Blog: Performance Sheriff Newsletter (September 2021)

    In September there were 174 alerts generated, resulting in 23 regression bugs being filed on average 6.4 days after the regressing change landed. Welcome to the September 2021 edition of the performance sheriffing newsletter. Here you’ll find the usual summary of our sheriffing efficiency metrics. If you’re interested (and if you have access) you can view the full dashboard.

Red Hat/Fedora Leftovers

  • The NeuroFedora Blog: Next Open NeuroFedora meeting: 25 October 1300 UTC

    Please join us at the next regular Open NeuroFedora team meeting on Monday 25 October at 1300UTC in #fedora-neuro on IRC (Libera.chat). The meeting is a public meeting, and open for everyone to attend.

  • Real-time Analytics News for Week Ending October 16 - RTInsights

    In this week’s real-time analytics news: Red Hat announced updates in its portfolio of tools and programs for building applications on Red Hat OpenShift, and more. Keeping pace with news and developments in the real-time analytics market can be a daunting task. We want to help by providing a summary of some of the items our staff came across each week. Here are some of the news items from this week: Red Hat announced a series of updates in its portfolio of developer tools and programs for developers building applications on Red Hat OpenShift. The updates were to Red Hat OpenShift Pipelines, Red Hat OpenShift GitOps, and the Red Hat build of Quarkus. Additionally, Red Hat expanded the roster of training resources available on Kube By Example.

  • What I learned about Kubernetes and Knative Serverless

    If you happened to miss this year’s Kubernetes Summer Camp, there’s some good news! The sessions were recorded and are available for on-demand viewing. Along with those, you’ll also get access to a variety of downloadable content, including a free O’Reilly e-book.

  • Awards roll call: August to October 2021 [Ed: Those accolades and fake rewards/awards can easily be bought; they let you game the system for money]

    From workplace accolades to product wins, we are proud to be able to highlight some aspects of our company and the recognition they’ve received in the past few months. We recently published our DEI Statement, which declares our commitment to diversity, equity and inclusion—not just for our associates, but for our partners, customers and open source contributors. Our culture is rooted in transparency, collaboration, and inclusion—open source principles that continue to drive our company forward. We see the following awards as a recognition of our open source-driven innovation, where the best ideas can come from anywhere and anyone.