Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • A Diatribe Concerning My Experiences With Gopher

    This is an article that will collect my opinions concerning Gopher experiences and practices, primarily those I dislike, with regards to conventions I've encountered and whatnot. I'll update this article as I have more to write of and feel the want.

  • A Look at the Open-Source Tools Behind Today’s State-of-the-Art Visual Effects

    Today, Software Defined Visualization (SDVis) is the ultimate in the world of visualization, allowing the best-of-the-best to emerge. It’s hardly a secret in the world of scientific visualization, digital animation, and computer graphics (CG). Go to any hit movie these days, and the results of SDVis will be present to help make the incredible believable.

  • Arturo Borrero González: Netfilter workshop 2019 Malaga summary

    This week we had the annual Netfilter Workshop. This time the venue was in Malaga (Spain). We had the hotel right in the Malaga downtown and the meeting room was in University ETSII Malaga. We had plenty of talks, sessions, discussions and debates, and I will try to summarice in this post what it was about.

    Florian Westphal, Linux kernel hacker, Netfilter coreteam member and engineer from Red Hat, started with a talk related the some works being done in the core of the Netfilter code in the kernel to convert packet processing to lists. He shared an overview of current problems and challenges. Processing in a list rather than per packet seems to have several benefits: code can be smarter and faster, so this seems like a good improvement. On the other hand, Florian thinks some of the pain to refactor all the code may not worth it. Other approaches may be considered to introduce even more fast forwarding paths (apart from the flow table mechanisms for example which is already available).

    Florian also followed up with the next topic: testing. We are starting to have a lot of duplicated code to do testing. Suggestion by Pablo is to introduce some dedicated tools to ease in maintenance and testing itself. Special mentions to nfqueue and tproxy, 2 mechanisms that requires quite a bit of code to be well tested (and could be hard to setup anyway).

    [...]

    After lunch, Pablo followed up with a status update on hardware flow offload capabilities for nftables. He started with an overview of the current status of ethtool_rx and tc offloads, capabilities and limitations. It should be possible for most commodity hardware to support some variable amount of offload capabilities, but apparently the code was not in very good shape. The new flow block API should improve this situation, while also giving support for nftables offload. Related article in LWN: https://lwn.net/Articles/793080/

    Next talk was by Phil, engineer at Red Hat. He commented on user-defined strings in nftables, which presents some challenges. Some debate happened, mostly to get to an agreement on how to proceed.

  • QMO: Firefox Nightly 70 Testday, July 19th

    We are happy to let you know that Friday, July 19th, we are organizing Firefox Nightly 70 Testday. We’ll be focusing our testing on: Fission.

  • This free open-source tool can help game developers make procedural ivy [Ed: Mono is a problem]

    This is a tool specifically for games being made in Unity, an engine which has been used to make plenty of games people don't associate with it—games like Hearthstone, Cities: Skylines, Wasteland 2, Beat Saber, and Cuphead, for instance, were all made in Unity.

  • Popular licenses in OpenAPI

    Note: Before you start complaining, I realise this is probably a very sub-optimal solution code-wise, but it worked for me. In my defence, I did open up my copy of the Sed & Awk Pocket Reference before my eyes went all glassy and I hacked up the following ugly method. Also note that the shell scripts are in Fish shell and may not work directly in a 100% POSIX shell.

    First, I needed to get a data set to work on. Hat-tip to Mike Ralphson for pointing me to APIs Guru as a good resource. I analysed their APIs-guru/openapi-directory repository1, where in the APIs folder they keep a big collection of public APIs. Most of them following the OpenAPI (previously Swagger) specification.

  • Infinite work is less work
    The first task of last week's Perl Weekly Challenge was to print the
    first ten strong and weak primes. A prime pn is "strong" if it's larger
    than the average of its two neighbouring primes (i.e. pn > (pn-1+pn+1)/2).
    A prime is "weak" if it's smaller than the average of its two neighbours.
    
    Of course, this challenge would be trivial if we happened to have a list
    of all the prime numbers. Then we'd just filter out the first ten that
    are strong, and the first ten that are weak. In fact, it would be even
    easier if we happened to have a list of all the strong primes, and a
    list of all the weak ones. Then we'd just print the first ten of each.
    
    But there are an infinite number of primes and of weak primes (and
    possibly of strong primes too, though that's still only conjectured),
    so building a complete list of the various subspecies of primes 
    is impractical in most programming languages.
    
    
    

More in Tux Machines

Security: Linux, Docker and Guix

  • Unpatched Linux bug may open devices to serious attacks over Wi-Fi

    The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.

  • Docker Attack Worm Mines for Monero
  • Insecure permissions on profile directory (CVE-2019-18192)

    We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is encouraged to upgrade guix-daemon—see below for instructions. Context The default user profile, ~/.guix-profile, points to /var/guix/profiles/per-user/$USER. Until now, /var/guix/profiles/per-user was world-writable, allowing the guix command to create the $USER sub-directory. On a multi-user system, this allowed a malicious user to create and populate that $USER sub-directory for another user that had not yet logged in. Since /var/…/$USER is in $PATH, the target user could end up running attacker-provided code. See the bug report for more information. This issue was initially reported by Michael Orlitzky for Nix (CVE-2019-17365).

In 2019, multiple open source companies changed course—is it the right move?

Free and open source software enables the world as we know it in 2019. From Web servers to kiosks to the big data algorithms mining your Facebook feed, nearly every computer system you interact with runs, at least in part, on free software. And in the larger tech industry, free software has given rise to a galaxy of startups and enabled the largest software acquisition in the history of the world. Free software is a gift, a gift that made the world as we know it possible. And from the start, it seemed like an astounding gift to give. So astounding in fact that it initially made businesses unaccustomed to this kind of generosity uncomfortable. These companies weren't unwilling to use free software, it was simply too radical and by extension too political. It had to be renamed: "open source." Once that happened, open source software took over the world. Recently, though, there's been a disturbance in the open source force. Within the last year, companies like Redis Labs, MongoDB, and Confluent all changed their software licenses, moving away from open source licenses to more restrictive terms that limit what can be done with the software, making it no longer open source software. Read more Also: Network Time Foundation Joins Open Source Initiative

Red Hat: OpenShift, RHEL, Dependency Analytics, vDPA and More

  • Red Hat Expands the Kubernetes Developer Experience with Newest Version of Red Hat OpenShift 4

    Red Hat, Inc., the world's leading provider of open source solutions, today announced Red Hat OpenShift 4.2, the latest version of Red Hat’s trusted enterprise Kubernetes platform designed to deliver a more powerful developer experience. Red Hat OpenShift 4.2 extends Red Hat’s commitment to simplifying and automating enterprise-grade services across the hybrid cloud while empowering developers to innovate and enhance business value through cloud-native applications.

  • RHEL and Insights combo illuminates threats and spotlights performance for Red Hat systems

    When Red Hat Inc. officially rolled out its Red Hat Enterprise Linux 8, or RHEL 8, operating system in May, the open-source software company also included Red Hat Insights with every subscription for the new release. Based on data supplied by one of the company’s top executives, that has proven to be a wise decision. Insights is a software as a service product that works from a rules-based engine to offer continuous connected analysis of registered Red Hat-based systems. “We’ve seen an 87% increase since May in the number of systems that are linked in,” said Stefanie Chiras (pictured), vice president and general manager of the RHEL Business Unit at Red Hat. “We’re seeing a 33% increase in coverage of rules-based and a 152% increase in customers who are using it. That creates a community of people using and getting value from it, but also giving value back because the more data we have the better the rules get.”

  • What’s new in Red Hat Dependency Analytics

    We are excited to announce a new release of Red Hat Dependency Analytics, a solution that enables developers to create better applications by evaluating and adding high-quality open source components, directly from their IDE. Red Hat Dependency Analytics helps your development team avoid security and licensing issues when building your applications. It plugs into the developer’s IDE, automatically analyzes your software composition, and provides recommendations to address security holes and licensing problems that your team may be missing. Without further ado, let’s jump into the new capabilities offered in this release. This release includes a new version of the IDE plugin and the server-side analysis service hosted by Red Hat.

  • Breaking cloud native network performance barriers

    Up until now we have covered virtio-networking and its usage in VMs. We started with the original vhost-net/virtio-net architecture, moved on to the vhost-user/virito-pmd architecture and continued to vDPA (vHost Data Path Acceleration) where the virtio ring layout was pushed all the way into the NIC providing wiresspeed/wirelatency to VMs. We now turn our attention to using vDPA for providing wirespeed/wirelatency L2 interfaces to containers leveraging kubernetes to orchestrate the overall solution. We will demonstrate how Containerized Network Functions (CNFs) can be accelerated using a combination of vDPA interfaces and DPDK libraries. The vDPA interfaces are added as a secondary interface to containers using the Multus CNI plugin. This post is a high level solution overview describing the main building blocks and how they fit together. We assume that the reader has an overall understanding of Kubernetes, the Container Network Interface (CNI) and NFV terminology such as VNFs and CNFs.

  • Top 5 stress reliefs for sysadmins

Purism shows off more pictures of Librem 5 Phone and PureOS UI

As the first batch of the Librem 5 phones starts reaching its respectful owners, we can now have a better look at the product from its pictures taken by the customers. Before we check them out, let’s get to know a bit more about these phones. The Librem 5 smartphones are powered by PureOS, which is a Linux-based mobile operating system. The brains behind this product, namely Purism, have made it their top priority to offer such phones that provide security, privacy, and freedom to the customers. Accordingly, this product has been made for people who want to have complete control over their phones. You should check out this article if you want to know more about the Librem 5 smartphones. Now coming back to the news, people who have ordered this phone are in for a treat as the Librem 5 comes with a black anodized aluminum case. Not only it’s stylish, but it also maintains high radio reception quality – thanks to its non-metal backing. It accompanies easier-to-slide, flush hardware kill switches. Read more Also: Nathan Wolf: New Life to Rock Candy Gamepad for PS3 | Another Repair