January 2020

Security Leftovers

Filed under
Security
  • Avoiding gaps in IOMMU protection at boot

    When you save a large file to disk or upload a large texture to your graphics card, you probably don't want your CPU to sit there spending an extended period of time copying data between system memory and the relevant peripheral - it could be doing something more useful instead. As a result, most hardware that deals with large quantities of data is capable of Direct Memory Access (or DMA). DMA-capable devices are able to access system memory directly without the aid of the CPU - the CPU simply tells the device which region of memory to copy and then leaves it to get on with things. However, we also need to get data back to system memory, so DMA is bidirectional. This means that DMA-capable devices are able to read and write directly to system memory.

    As long as devices are entirely under the control of the OS, this seems fine. However, this isn't always true - there may be bugs, the device may be passed through to a guest VM (and so no longer under the control of the host OS) or the device may be running firmware that makes it actively malicious. The third is an important point here - while we usually think of DMA as something that has to be set up by the OS, at a technical level the transactions are initiated by the device. A device that's running hostile firmware is entirely capable of choosing what and where to DMA.

    Most reasonably recent hardware includes an IOMMU to handle this. The CPU's MMU exists to define which regions of memory a process can read or write - the IOMMU does the same but for external IO devices. An operating system that knows how to use the IOMMU can allocate specific regions of memory that a device can DMA to or from, and any attempt to access memory outside those regions will fail. This was originally intended to handle passing devices through to guests (the host can protect itself by restricting any DMA to memory belonging to the guest - if the guest tries to read or write to memory belonging to the host, the attempt will fail), but is just as relevant to preventing malicious devices from extracting secrets from your OS or even modifying the runtime state of the OS.

    But setting things up in the OS isn't sufficient. If an attacker is able to trigger arbitrary DMA before the OS has started then they can tamper with the system firmware or your bootloader and modify the kernel before it even starts running. So ideally you want your firmware to set up the IOMMU before it even enables any external devices, and newer firmware should actually do this automatically. It sounds like the problem is solved.

  • Our upcoming Webinar on Security with Ubuntu and IBM Z

    My first interaction with the Ubuntu community was in March of 2005 when I put Ubuntu on an old Dell laptop and signed up for the Ubuntu Forums. This was just a few years into my tech career and I was mostly a Linux hobbyist, with a handful of junior systems administrator jobs on the side to do things like racking servers and installing Debian (with CDs!). Many of you with me on this journey have seen my role grow in the Ubuntu community with Debian packaging, local involvement with events and non-profits, participation in the Ubuntu Developer Summits, membership in the Ubuntu Community Council, and work on several Ubuntu books, from technical consultation to becoming an author on The Official Ubuntu Book.

    These days I’ve taken my 15+ years of Linux Systems Administration and open source experience down a slightly different path: Working on Linux on the mainframe (IBM Z). The mainframe wasn’t on my radar a year ago, but as I got familiar with the technical aspects, the modernization efforts to incorporate DevOps principles, and the burgeoning open source efforts, I became fascinated with the platform.

    As a result, I joined IBM last year to share my discoveries with the broader systems administration and developer communities. Ubuntu itself got on board with this mainframe journey with official support for the architecture (s390x) in Ubuntu 16.04, and today there’s a whole blog that gets into the technical details of features specific to Ubuntu on the mainframe: Ubuntu on Big Iron

    I’m excited to share that I’ll be joining the author of the Ubuntu on Big Iron blog, Frank Heimes, live on February 6th for a webinar titled How to protect your data, applications, cryptography and OS – 100% of the time. I’ll be doing an introduction to the IBM Z architecture (including cool hardware pictures!) and general security topics around Linux on Z and LinuxONE.

  • Intel Makes Public Two More Data Leakage Disclosures

    Intel last night made public two more data leakage disclosures, which tie back to Zombieload and November's TAA issue.

    [...]

    As of writing no CPU microcode updates have been released for Linux users but as soon as that happens I'll begin with some tests for seeing any new performance overhead.

  • Canonical Outs Major Ubuntu 18.04 LTS Kernel Security Update for Cloud Users

    New Ubuntu 18.04 LTS kernel security update addresses 15 vulnerabilities in the Linux 5.0 kernel packages for various cloud systems.
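As an added example for the IOMMU item above (not code from the original post): a small audit of a Linux host's IOMMU posture that reports whether the IOMMU is active, whether the kernel command line disabled it or put it in passthrough mode, and whether a Thunderbolt domain reports IOMMU-based DMA protection. It assumes the kernel's sysfs/procfs layout (/sys/kernel/iommu_groups, /sys/bus/thunderbolt/devices/domain*/iommu_dma_protection, /proc/cmdline) and takes a root directory so it can be run against a constructed tree.

```python
"""Audit a Linux host's IOMMU posture (added example, not from the post).

Assumed kernel interfaces: /sys/kernel/iommu_groups (one subdir per group),
/sys/bus/thunderbolt/devices/domain*/iommu_dma_protection (1 = protected),
and /proc/cmdline. `root` lets the audit run on a constructed tree.
"""
import glob
import os
import tempfile


def read_text(path):
    """Return a file's stripped contents, or None if it cannot be read."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None


def audit_iommu(root="/"):
    """Collect IOMMU-related facts from sysfs and procfs under `root`."""
    groups_dir = os.path.join(root, "sys/kernel/iommu_groups")
    groups = os.listdir(groups_dir) if os.path.isdir(groups_dir) else []
    opts = set((read_text(os.path.join(root, "proc/cmdline")) or "").split())
    disabled = bool(opts & {"intel_iommu=off", "amd_iommu=off", "iommu=off"})
    # The kernel reports 1 here only when it relies on the IOMMU for Thunderbolt
    # DMA protection, which requires firmware to have opted in before boot.
    tb_attr = os.path.join(root, "sys/bus/thunderbolt/devices/domain*/iommu_dma_protection")
    tb_flags = [read_text(p) == "1" for p in glob.glob(tb_attr)]
    return {
        "iommu_active": bool(groups) and not disabled,
        "group_count": len(groups),
        "disabled_by_cmdline": disabled,
        "passthrough": "iommu=pt" in opts,  # identity-mapped, so no isolation
        "thunderbolt_dma_protection": all(tb_flags) if tb_flags else None,
    }


def findings(status):
    """Turn an audit result into a list of defender-facing findings."""
    out = []
    if not status["iommu_active"]:
        out.append("IOMMU not active: devices may DMA to any physical address")
    if status["passthrough"]:
        out.append("iommu=pt: host-owned devices use identity mapping, not isolation")
    if status["thunderbolt_dma_protection"] is False:
        out.append("Thunderbolt domain reports no IOMMU-based DMA protection")
    return out


def build_sample_tree(root, groups, cmdline, tb_protected):
    """Write a constructed sysfs/procfs skeleton under `root` (test fixture)."""
    for g in range(groups):
        os.makedirs(os.path.join(root, "sys/kernel/iommu_groups", str(g), "devices"))
    os.makedirs(os.path.join(root, "sys/kernel/iommu_groups"), exist_ok=True)
    os.makedirs(os.path.join(root, "proc"))
    with open(os.path.join(root, "proc/cmdline"), "w") as f:
        f.write(cmdline + "\n")
    domain = os.path.join(root, "sys/bus/thunderbolt/devices/domain0")
    os.makedirs(domain)
    with open(os.path.join(domain, "iommu_dma_protection"), "w") as f:
        f.write("1\n" if tb_protected else "0\n")


def demo():
    """Audit two constructed hosts: one protected, one with the IOMMU off."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good"), os.path.join(tmp, "bad")
        build_sample_tree(good, 12, "BOOT_IMAGE=/vmlinuz intel_iommu=on", True)
        build_sample_tree(bad, 0, "BOOT_IMAGE=/vmlinuz intel_iommu=off", False)
        return {"good": audit_iommu(good), "bad": audit_iommu(bad)}


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status, findings(status) or ["no findings"])
```

Run with no arguments it audits the two constructed trees; call `audit_iommu()` with the default root to inspect the machine it runs on.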

Data transfer in GTK4

Filed under
Development
GNOME

  • Data transfer in GTK4

    The traditional methods for user-initiated data transfers between desktop apps are the clipboard or Drag-and-Drop. GTK+ has supported these methods since the beginning of time, but up until GTK3, the APIs we had for this kind of data transfer were thinly disguised copies of the corresponding X11 APIs: selections, and properties and atoms. This is not too surprising, since the entire GDK API was modeled on X11. Unfortunately, the implementation includes horrors such as incremental transfers and string format conversions.

    For GTK4, we’re leaving these things behind as we are moving things in GDK around to be closer to the Wayland API. Data transfer is one of the areas in most urgent need of this modernization. Thankfully, it is almost complete at this point, so it is worth taking a look at what has changed, and how things will work in the future.

  • GTK4 Data Transfer APIs Being Modernized Around Wayland

    Red Hat's Matthias Clasen has provided an update on one of the latest areas the GTK developers are working on finishing up with the forthcoming GTK 4.0 tool-kit... Improving the data transfer interfaces around handling for copy/paste and drag-and-drop.

    With GTK4, the data transfer interfaces are being re-engineered with an emphasis on moving closer to the Wayland API, whereas with GTK3 the GDK API was modeled on the X11 interfaces.

Ditch Windows 7 For Ubuntu Linux With This Great Guide

Filed under
Linux
Ubuntu

If you’re still using Windows 7 and not paying for extended support (likely the vast majority of home users), you’re entering very risky waters. Microsoft won’t be sending along any more updates or security patches which leaves you exposed to all kinds of nastiness. You may be considering upgrading to Windows 10, or even buying a new PC with Windows 10 pre-installed since many older computers don’t meet the hardware requirements to run the latest version of Microsoft’s OS. But Canonical, the company behind the Linux distribution Ubuntu, has published a new guide to ease you through the transition from Windows 7 to Linux.


LibreOffice 6.4 Released, This is What’s New

Filed under
LibO

LibreOffice 6.4 is here, serving as the latest stable release of this hugely popular open source productivity suite. And, as you’d expect, LibreOffice 6.4 features a veritable crop of core updates and key improvements.

The Document Foundation, the non-profit organisation who help steer development of this free office software, say LibreOffice 6.4 is a “performance-focused” release that features “almost perfect support for DOCX, XLSX and PPTX files.”

It’s also the first major release of LibreOffice to be made in the suite’s tenth anniversary year.

For more on what’s new, read on!


Also: Performance-focused LibreOffice 6.4 is available for download

We Love Performance... So We Love LibreOffice 6.4 With This Office Suite Now Running Faster

LibreOffice 6.4 released

LibreOffice 6.4 Released. This is What’s New.

LibreOffice Office Suite 6.4 Released [Ubuntu PPA]

Games: Prodeus, Obversion, and Aquamarine

Filed under
Gaming
  • Awesome looking FPS 'Prodeus' Early Access release slips to Summer, new trailer is up

    Retro-inspired with plenty of modern tricks, Prodeus looks bloody awesome! Sadly though, we have to wait a bit longer to frag as the Early Access date has slipped.

    In a big update on Kickstarter, the team explained that while it's come far they're just not there yet, so they've pushed Early Access until Summer this year. The extra few months will be used to "deliver an amazing game" and "polish the game to get it to release quality".

  • Obversion is a slow, peaceful and satisfying first-person puzzler out now

    Obversion from former-Google developer Adrian Marple is out now, I played through a bunch of it and found it delightful.

    Visually simple, mechanically very straightforward too but it's also very accessible. You can play the entire game with a gamepad or mouse/keyboard - the choice is yours. The idea of each level is simply to reach the exit, you do this by manipulating the environment by creating and destroying certain blocks. Even if you get something wrong, you can undo entire moves at the tap of a button making it quite peaceful and relaxing even when you're stuck as you're free to experiment at your own pace.

  • Aquamarine, a story-driven quiet survival adventure set in an alien ocean

    Currently crowdfunding on Kickstarter, Aquamarine looks like a very sweet survival adventure about exploring an alien ocean.

    In development by Moebial Studios with a plan to release for Linux, macOS and Windows in Q4 this year, Aquamarine is a small-scale story-driven adventure inspired largely by the psychedelic sci-fi of the '70s and '80s. With gameplay combining elements of old-school roguelikes and the survival genre with the exploration and puzzle solving of classic point-and-click adventures.

Release of Godot Engine 3.2

Filed under
Development
Gaming
  • HERE COMES GODOT 3.2, WITH QUALITY AS PRIORITY

    Godot contributors are thrilled and delighted to release our newest major update, Godot 3.2! It's the result of over 10 months of work by close to 450 contributors (300 of them contributing to Godot for the first time) who authored more than 6000 commits!

    Godot 3.2 is a major improvement over our previous 3.1 installment, bringing dozens of major features and hundreds of bugfixes and enhancements to bring our game developers an ever-improving feature set with a strong focus on usability.

  • Godot Engine 3.2 is out - advancing this FOSS game engine 'with quality as priority'

    After nearly a year of development, the free and open source game engine Godot Engine has a big new feature-filled release out with 3.2 focusing on quality as their priority.

    Even though it's a massive release, the Godot team is encouraging developers to upgrade from the older version as practically "every area of the engine has seen some degree of enhancement". There are a few breaking changes though so check the changelog.

    Originally planned as a small release, however a lot of features introduced in 3.0 and 3.1 "needed refinement" and they did "a lot of work" to improve the "usability, implement missing components and fix bugs" to ensure Godot 3.2 is a long-lasting release with long-term support due to how vastly different Godot 4.0 will be.

  • Godot 3.2 Open-Source Game Engine Released With Better Documentation, New Features

    While developers are hard at work on Godot 4.0 with Vulkan support, that release won't be ready until mid-2020 so as a result Godot 3.2 is out today as their latest stable release and serving as a "long-term support" release until transitioning to Godot 4.

    Godot 3.2 is bringing with it better documentation, Mono / C# integration working on Android and WebAssembly, Oculus Quest support, overhauling of Godot's visual shaders, various graphics/rendering improvements, glTF 2.0 3D asset support, WebSocket and WebRTC support, new editor features, and a variety of other enhancements.

Mesa 19.3.3

Filed under
Graphics/Benchmarks
  • [Mesa-dev] [ANNOUNCE] mesa 19.3.3
    Hi list,
    
    I'd like to announce mesa 19.3.3. This release was delayed due to bugs caught in
    CI that needed to be resolved before the release could be made. Due to the
    slightly longer cycle there's slightly more patches than would normally be
    present in the release.
    
    I've also started using a new script to find the patches in master to pick, so
    please ignore any .pick_status.json: commits, they're generated by the new
    script.
    
    There's plenty of changes here, but intel, docs, radeonsi, and aco are the
    biggest sets of changes.
    
    Dylan
    
    
    Shortlog
    ========
    
    Adam Jackson (1):
          drisw: Cache the depth of the X drawable
    
    Andrii Simiklit (1):
          mesa/st: fix a memory leak in get_version
    
    Bas Nieuwenhuizen (2):
          radv: Disable VK_EXT_sample_locations on GFX10.
          radv: Remove syncobj_handle variable in header.
    
    Caio Marcelo de Oliveira Filho (1):
          intel/fs: Only use SLM fence in compute shaders
    
    Daniel Schürmann (2):
          aco: fix unconditional demote_to_helper
          aco: rework lower_to_cssa()
    
    Dylan Baker (5):
          docs: add SHA256 sums for 19.3.2
          cherry-ignore: Update for 19.3.3
          .pick_status.json: Update to c787b8d2a16d5e2950f209b1fcbec6e6c0388845
          docs: Add relnotes for 19.3.3 release
          VERSION: bump version to 19.3.3
    
    Eric Anholt (1):
          mesa: Fix detection of invalidating both depth and stencil.
    
    Eric Engestrom (1):
          meson: use github URL for wraps instead of completely unreliable wrapdb
    
    Erik Faye-Lund (8):
          docs: fix typo in html tag name
          docs: fix paragraphs
          docs: open paragraph before closing it
          docs: use code-tag instead of pre-tag
          docs: use code-tags instead of pre-tags
          docs: use code-tags instead of pre-tags
          docs: move paragraph closing tag
          docs: remove double-closed definition-list
    
    Francisco Jerez (3):
          glsl: Fix software 64-bit integer to 32-bit float conversions.
          intel/fs/gen11+: Handle ROR/ROL in lower_simd_width().
          intel/fs/gen8+: Fix r127 dst/src overlap RA workaround for EOT message payload.
    
    Hyunjun Ko (1):
          turnip: fix invalid VK_ERROR_OUT_OF_POOL_MEMORY
    
    Jan Vesely (1):
          clover: Initialize Asm Parsers
    
    Jason Ekstrand (8):
          anv: Flag descriptors dirty when gl_NumWorkgroups is used
          intel/vec4: Support scoped_memory_barrier
          intel/blorp: Fill out all the dwords of MI_ATOMIC
          anv: Don't over-advertise descriptor indexing features
          anv: Memset array properties
          anv/blorp: Rename buffer image stride parameters
          anv: Canonicalize buffer formats for image/buffer copies
          anv: Stop allocating WSI event fences off the instance
    
    Jonathan Marek (1):
          st/mesa: don't lower YUV when driver supports it natively
    
    Kenneth Graunke (2):
          intel/compiler: Fix illegal mutation in get_nir_image_intrinsic_image
          intel: Fix aux map alignments on 32-bit builds.
    
    Lasse Lopperi (1):
          freedreno/drm: Fix memory leak in softpin implementation
    
    Lionel Landwerlin (4):
          anv: fix intel perf queries availability writes
          anv: only use VkSamplerCreateInfo::compareOp if enabled
          intel/perf: expose timestamp begin for mdapi
          intel/perf: report query split for mdapi
    
    Marek Olšák (4):
          ac/gpu_info: always use distributed tessellation on gfx10
          radeonsi: work around an LLVM crash when using llvm.amdgcn.icmp.i64.i1
          radeonsi: clean up how internal compute dispatches are handled
          radeonsi: don't invoke decompression inside internal launch_grid
    
    Nataraj Deshpande (1):
          egl/android: Restrict minimum triple buffering for android color_buffers
    
    Pierre-Eric Pelloux-Prayer (8):
          radeonsi: release saved resources in si_retile_dcc
          radeonsi: release saved resources in si_compute_expand_fmask
          radeonsi: release saved resources in si_compute_clear_render_target
          radeonsi: release saved resources in si_compute_copy_image
          radeonsi: release saved resources in si_compute_do_clear_or_copy
          radeonsi: fix fmask expand compute shader
          radeonsi: make sure fmask expand is done if needed
          util: call bind_sampler_states before setting sampler_views
    
    Rhys Perry (8):
          aco: set vm for pos0 exports on GFX10
          aco: fix imageSize()/textureSize() with large buffers on GFX8
          aco: fix uninitialized data in the binary
          aco: set exec_potentially_empty for demotes
          aco: disable add combining for ds_swizzle_b32
          aco: don't DCE atomics with return values
          aco: check if multiplication/clamp is live when applying output modifier
          aco: fix off-by-one error when initializing sgpr_live_in
    
    Samuel Pitoiset (2):
          radv: only use VkSamplerCreateInfo::compareOp if enabled
          radv: fix double free corruption in radv_alloc_memory()
    
    Samuel Thibault (1):
          meson: Do not require libdrm for DRI2 on hurd
    
    Tapani Pälli (1):
          egl/android: fix buffer_count for applications setting max count
    
    Thong Thai (1):
          mesa: Prevent _MaxLevel from being less than zero
    
    Timur Kristóf (1):
          aco/gfx10: Fix VcmpxExecWARHazard mitigation.
    
    git tag: mesa-19.3.3
    
  • Mesa 19.3.3 Released With Many Fixes

    While Mesa 20.0 will be entering its feature freeze this week and branching ahead of the stable release expected in about one month, for now the Mesa 19.3 series is the newest available for stable users.

    The fixes to find with Mesa 19.3.3 are listed below, mostly amounting to the usual AMD Radeon and Intel churn along with other core work.

  • Mesa 19.3.3 Released with Improvements for Dead Rising 4, Many Fixes

    The Mesa 3D graphics library has been updated today to version 19.3.3, another bugfix release in the Mesa 19.3 series that addresses various crashes and other issues.

    Mesa 19.3.3 arrives two weeks after version 19.3.2 and it’s here to fix a crash with the Dead Rising 4 action-adventure video game on the GFX6 and GFX7 families of AMD GPUs, improve compiling support with GCC (GNU Compiler Collection) 10, and fix a memory leak in the softpin implementation of the Freedreno DRM driver.

Games: Coma 2: Vicious Sisters, Kentucky Route Zero, Google Stadia, Warcraft III

Filed under
Gaming
  • Korean survival-horror The Coma 2: Vicious Sisters is officially out now

    From publisher Headup and the South-Korean development team at Devespresso Games we have the full release of The Coma 2: Vicious Sisters.

    Continuing the dark and vicious world setup in The Coma: Recut, this standalone sequel doesn't need you to have played the previous game so you can jump right on in thanks to the new protagonist, Mina Park, although it does have certain references to the previous game for those who've played it.

  • Seven years later Kentucky Route Zero is finally complete with the release of Act V

    As a free update to all existing owners, seven years after the initial release Kentucky Route Zero from developer Cardboard Computer is actually done and finished.

    Not only can you now play through the full story, the update also includes the "interludes" - free experimental games which they published to "fill in the story and characters from different perspectives" - and the game has new translations too, adjustable text size and Steam Achievements. Quite a big update!

  • Google Stadia adds GYLT and Metro Exodus for Pro and more Stadia news

    It's time for another little roundup of happenings around Google Stadia, the Linux-powered game streaming service.

    Firstly, for anyone who does have the Founder/Premier Edition or were sent a Buddy Pass, the Pro games for February have been announced. At this point, it does seem like Google are running out of Steam as they're giving away their own exclusive GYLT and Metro Exodus. Samurai Shodown and Rise of the Tomb Raider for Pro ends January 31, so you need to claim them before that date to keep them with your subscription. Google did also announce new Pro deals here.

    Google also did an official "Stadia Savepoint" news post on the official Google blog, going over what they've been doing but there's nothing new there since they already announced the big stuff like 120 games coming to Stadia across this year including some timed-exclusives.

  • How Warcraft III accidentally became a great Lord of the Rings game

    Warcraft III shipped in 2002 with a robust set of map-making tools. To younger folks that might sound weird now. “Map-making tools?” But once upon a time it was normal. In the ‘90s and early ‘00s, most multiplayer games shipped with official tools for creating custom maps or scenarios. I imagine a number of today’s developers grew up making maps for Unreal Tournament, Quake, Counter-Strike, Age of Empires II, and yes, Warcraft III.

More in Tux Machines

Open source mind mapping with Draw.io

There's something special about maps. I remember opening the front book cover of JRR Tolkien's The Hobbit when I was younger, staring at the hand-drawn map of Middle Earth, and feeling the wealth of possibility contained in the simple drawing. Aside from their obvious purpose of actually describing where things are in relation to other things, I think maps do a great job of expressing potential. You could step outside and take the road this way or that way, and if you do, just think of all the new and exciting things you'll be able to see.

19 Absolute Simple Things About Linux Terminal Every Ubuntu User Should Know

Terminal often intimidates new users. However, once you get to know it, you gradually start liking it. Well, that happens with most Linux users. Even if you are using Ubuntu as a desktop system, you may have to enter the terminal at times. New users are often clueless about many things. Some knowledge of basic Linux commands always helps in such cases but this article is not about that. This article focuses on explaining small, basic and often ignored things about using the terminal. This should help new Ubuntu desktop users to know the terminal and use it with slightly more efficiency.

EndeavourOS 21.4 Review [Atlantis] - Pure Arch Linux Experience for You

We review the EndeavourOS 21.4 (Atlantis) — the best Arch Linux flavor for beginners.

today's leftovers

  • Mesa's Classic Drivers Have Been Retired - Affecting ATI R100/R200 & More - Phoronix

    The day has finally come that Mesa's classic OpenGL drivers (non-Gallium3D) have been cleared out of the code-base as part of their modernization effort for mainline. After a half-year pending, the "Delete Mesa Classic" merge request was honored today in eliminating the Mesa "classic" OpenGL drivers from the code-base. The drivers will still be maintained in an "Amber" branch, but considering how little focus these drivers have been receiving from upstream Mesa developers currently, don't expect many (if any) real changes moving ahead.

  • Steam support for Chromebooks could surface this week

    After months and months and even more months of waiting, it appears that we may finally get our first look at native Steam gaming on Chrome OS in the very near future. Affectionately known as project ‘Borealis’, the containerized version of Steam has been in the works for nearly two years and it was initially thought that Google was targeting mid to late 2022 for a release. With Chrome OS 96 just rolling out and the next iteration of Google’s desktop operating system not due until January of 2022, it’s fairly clear that this target was missed but that’s okay. I’d rather see a fully baked product released than a buggy piece of software that sours users to Chrome OS. Anyway, in its early development, I presumed that ‘Borealis’, a.k.a. Steam on Chrome OS, would simply be an optimized version of the Steam application that would install and run inside the current Linux container. Over time, we learned that Google was actually creating an entirely new container designed specifically to house Borealis and that it should run independently from the Debian container currently available in Stable Chrome OS. This makes more sense as Google can retain control of the Borealis container and keep it neat and clean for running Steam. Presumably, users will never actually interact with the container like you can with the Linux terminal.

  • iXsystems Recognized in 11th Annual Best in Biz Awards for Most Innovative Product Line of the Year

    TrueNAS by iXsystems is the world’s most popular Open Source storage operating system and is the most efficient solution for managing and sharing data over a network. TrueNAS Open Storage provides unified storage for file, block, object, and application data – making it an exceptionally flexible storage platform for business. All TrueNAS editions -- CORE, Enterprise, and SCALE -- leverage the enterprise-grade OpenZFS file system to provide an all-inclusive data management solution that protects customer data with features like Copy-on-Write, Snapshots, Checksums, Scrubbing, and 2-Copy Metadata.