Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 11 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Repliessort icon Last Post
Story Do You Have an Xbox? srlinuxx 11/04/2005 - 3:35am
Story This Week at the Movies: Hitch & The Aviator srlinuxx 11/04/2005 - 3:34am
Story Latest On the Browser Wars srlinuxx 11/04/2005 - 3:32am
Story Legislation to regulate games srlinuxx 11/04/2005 - 3:31am
Story Typing Style Can Be Password srlinuxx 11/04/2005 - 3:30am
Story Hey Coool, a Virtual Tour srlinuxx 11/04/2005 - 3:30am
Story Experiences of a Linux Newbie srlinuxx 11/04/2005 - 3:29am
Story June Cleaver meets Fortune 500 srlinuxx 11/04/2005 - 3:29am
Story Predictions of Gloom and Doom srlinuxx 11/04/2005 - 3:29am
Story EBay eyes open source srlinuxx 11/04/2005 - 3:28am

A better Qt because of Open Source and KDE

Filed under
Development
KDE

The development framework Qt is available both as Open Source and under paid license terms. Two decades ago, when Qt 2.0 was first released as Open Source, this was exceptional. Today, most popular developing frameworks are Free/Open Source Software1. Without the dual licensing approach, Qt would not exist today as a popular high-quality framework.

There is another aspect of Qt licensing which is still very exceptional today, and which is not as well-known as it ought to be. The Open Source availability of Qt is legally protected through the by-laws and contracts of a foundation.

The KDE Free Qt Foundation was created in 1998 and guarantees the continued availability of Qt as Free/Open Source Software2. When it was set up, Qt was developed by Trolltech, its original company. The foundation supported Qt through the transitions first to Nokia and then to Digia and to The Qt Company.

In case The Qt Company would ever attempt to close down Open Source Qt, the foundation is entitled to publish Qt under the BSD license. This notable legal guarantee strengthens Qt. It creates trust among developers, contributors and customers.

The KDE Free Qt Foundation is a cooperation between The Qt Company on the one hand and KDE on the other hand. KDE is one of the largest Free Software communities for general purpose end-user software, founded in 1996. In case of ties, KDE has an extra vote, ensuring that The Qt Company does not have a veto on decisions.

My in-depth presentation below provides an overview of the history of the Foundation and describes its importance for Qt today. It explains in detail why the existence of the Foundation has a positive influence on the long-term market success of Qt.

Read more

Legislating is patch review

Filed under
Development
KDE

Patch review is a process by which newcomers and experts debate proposed changes to a codebase–a textual description of how a particular human-created system is to function. In KDE, we use Phabricator for this, but we’re switching to GitLab soon. Both serve the same purpose: to provide a forum where proposed changes can be discussed, revised, and decided upon.

[...]

Rushing isn’t such a huge deal as long as you have a QA process and discrete releases. These tools provide time for regressions to be fixed and rough edges to me smoothed out. When patches can be evaluated in a safe sandbox of sorts and subsequently tweaked before their effects are released to users, it’s not so bad to move quickly. But you can’t expose your users to the churn stirred up by a fast process; it needs to be contained internally.

Lesson for politicians: You don’t need so much process surrounding lawmaking if you don’t roll out all approved changes immediately. Before new bills take effect, let them simmer for a while in a “release branch” where they can undergo QA so that regressions can be found before they’re inflicted on unsuspected citizens (users)!

As software people, there are lessons we can take from our governments’ successes (and more often these days it seems, their failures), because this aspect of our professions overlaps quite a bit. It also exposes an uncomfortable truth: changing the rules and behaviors of a system that effects everyone is inherently political. That’s why we invented patch review processes: to make sure that important voices are heard, that the system doesn’t become inhumane for people who depend on it, and that its overall trajectory is positive.

Personally I’m a lot more sanguine about the prospect of this in software than government right now, and I think that’s something that needs to change. The efficacy and positive societal impacts of our governments’ lawmaking seems to be at a bit of an ebb at this moment in time. But there may come a point in time when our experience in patch review becomes useful on a larger stage, and benefits not only users of KDE software, but also the people of the world. We shouldn’t shy away from politics. Our everyday experiences in KDE are in fact the prefect preparation! Far from being distant and scary, it’s something we’re engaging in–and succeeding at–every time we contribute to KDE.

Read more

FreeMesh WiFi 5 Mesh Network Router Runs OpenWrt

Filed under
GNU
Linux
Hardware

FreeMesh W1326 LTE Router Mesh Network Access FreeMesh has launched an open-source mesh router, the WE1326 LTE FreeMesh Router (included are two nodes) that runs OpenWrt open-source operating system...

Read more

Kubernetes 1.17

Filed under
Server
Google
Software
  • Kubernetes 1.17: Stability

    We’re pleased to announce the delivery of Kubernetes 1.17, our fourth and final release of 2019! Kubernetes v1.17 consists of 22 enhancements: 14 enhancements have graduated to stable, 4 enhancements are moving to beta, and 4 enhancements are entering alpha.

  • Kubernetes 1.17 Feature: Kubernetes Volume Snapshot Moves to Beta

    The Kubernetes Volume Snapshot feature is now beta in Kubernetes v1.17. It was introduced as alpha in Kubernetes v1.12, with a second alpha with breaking changes in Kubernetes v1.13. This post summarizes the changes in the beta release.

  • Kubernetes 1.17 Feature: Kubernetes In-Tree to CSI Volume Migration Moves to Beta

    The Kubernetes in-tree storage plugin to Container Storage Interface (CSI) migration infrastructure is now beta in Kubernetes v1.17. CSI migration was introduced as alpha in Kubernetes v1.14.

    Kubernetes features are generally introduced as alpha and moved to beta (and eventually to stable/GA) over subsequent Kubernetes releases. This process allows Kubernetes developers to get feedback, discover and fix issues, iterate on the designs, and deliver high quality, production grade features.

10 Best Cheap Linux Laptops to Buy on a Budget

Filed under
GNU
Linux
Hardware

In comparison to other operating systems, Linux offers a dedicated environment for programmers that is free and more dedicated to user’s privacy and security. This is why Linux’s popularity has increased drastically over the years.
Whether you’re looking at buy a laptop with pre-installed Linux or want to run it on parallel with a Windows operating system, you’ve come to the right place. Read on below to find out some interesting specifications of the top ten Linux laptops you can buy at the most affordable prices.

Read more

PineTime: A Linux Friendly Smartwatch

Filed under
Linux
Gadgets

After releasing their successful rounds of notebook computers, laptops, single-board PCs and Linux smartphones, Pine64 is back with another incredible launch. The company is set to bring a smartwatch based on the Linux operating system that focuses solely on the needs of developers.

Pine64: History

Mainly known as Pine Microsystems, Inc., the US origin company sells and manufactures computer hardware and software. After the company’s 1st product, the Pine A64, a single-board computer in 2015, the company went on with the same name after that. Later, it released successors of the Pine family that included notebooks and smartphones for the public.

PineTime Smartwatch

The PineTime project came under attention in September 2019 when the company on their official Twitter account announced it. The news came right after Pine64 made the existence of its PinePhone public. In the coming year, with the success of the Librem 5 smartphone and PinePhone soon to hit the markets, it is a perfect time to introduce a companion device that goes along with other Linux devices.

Read more

Ian Jackson on Debian Vote Regarding SystemD

Filed under
Debian

  • Debian GR on init systems - Ballot paper format

    You are allowed to reorder the choices on your ballot paper, and this is effective.

    That is, you can take the ballot paper in the CFV and edit the lines in it into your preferred order with cut and paste. You can look at the letters, or the Secretary's summary lines, when you do that.

    It's important to use a proper text editor and not linewrap things while you do this.

    After, that you can simply write numbers 1 to 8 into the boxes down the left hand side.

    Rank all the options. That way when you get your vote ack back, any parse failure will show up as a blank space in the ack.

  • Debian init systems GR - voting guide

    If you don't know what's going on, you may wish to read my summary and briefing blog post from a few weeks ago. There are 7 options on the ballot, plus Further Discussion (FD). With this posting I'm trying to help voting Debian Members (Debian Developers) cast their votes.

    I am going to be neutral about the technical merits of systemd. My advice does not depend on your opinion about that.

    So my advice here is addressed to people who like systemd and want to keep running it, and developing with it, as well as, of course, people who prefer not to use systemd. I'm even addressing readers who think systemd has useful features which they would like Debian packages to be able to use.

    However, I am going to be opinionated about one key question: My baseline is that Debian must welcome code contributions to support running without systemd, just as it welcomes code contributions for other non-default setups. If you agree with that principle, then this posting is for you. Unfortunately this principle is controversial. Several of the options on the current GR mean rejecting contributions of non-systemd support. So in that sense I am not neutral.

LTE-ready Linux dev board powered by i.MX8M Mini module

Filed under
Linux

MYIR’s industrial-temp “MYC-C8MMX” module runs Linux on an up to 1.8GHz i.MX8M Mini Quad. It’s available as part of a “MYD-C8MMX” board that provides GbE, WiFi/BT, MIPI DSI/CSI, LVDS, M.2, and mini-PCIe with SIM slot.

Like the MYC-JX8MX COM and MYD-JX8MX dev board announced in June, MYIR’s $79 and up MYC-C8MMX module and $169 and up MYD-C8MMX board expand upon an NXP i.MX8 SoC. This time, MYIR has tapped the i.MX8M Mini rather than the slower, but 4K-ready i.MX8M. Other similar, COM-and-carrier implementations of the Mini include Boardcon’s SOM-IMX8M-MINI with EM-IMX8M-MINI.

Read more

SATA HATs support up to four drives on Raspberry Pi 4 or Rock Pi 4

Filed under
Linux

Radxa’s Dual ($25) and Quad ($35) SATA HATs work on the Raspberry Pi 4 or Rock Pi 4 at up to 400 MB/s via USB 3.0. There’s also a faster, 800 MB/s $49 “Penta SATA HAT” for the Rock Pi 4 that uses PCIe to support 5x drives.

You can find a few SATA HATs for the Raspberry Pi 4 that support single SATA or mSATA connections, such as Geekworm’s $26 X825 or Renkforce’s $19 SATA Extension Board, but Radxa’s new line of SATA HATs for network attached storage (NAS) applications appear to be the first to support multiple SATA connections. Such a feat is possible on some other hacker boards such as FriendlyElec’s $25, quad-SATA 4X SATA HAT for the NanoPi M4, which like the Rock Pi 4 and similar, DP-enabled Rock Pi 4B, runs Linux on a PCIe-enabled Rockchip RK3399.

Read more

today's leftovers

Filed under
Misc
  • SUSE Linux Enterprise 12 Service Pack 5 is Generally Available

    As you know, SUSE Linux Enterprise service packs are released on a yearly cadence. Service Pack 5 is the next service pack since the release of Service Pack 4 in Dec 2018. In addition, Service Pack 5 is also the last service pack for SUSE Linux Enterprise 12 release. With the release of SUSE Linux Enterprise 12 Service Pack 5 on December 9th, general support for SUSE Linux Enterprise 12 Service Pack 4 will end on June 30th, 2020. Customers wishing to maintain support of their SUSE Linux Enterprise 12 Service Pack 4 installations after June 30, 2020 can continue support through the purchase of Long Term Service Pack Support.

    [...]

    If you are currently running SUSE Linux Enterprise 12 SP4, you can migrate to Service Pack 5 as part of your active subscription until June 30, 2020.

  • Developing Leaderboard for GNOME Hackers

    After completing my Google Summer of Code assignment, I had an idea in my mind for a project where the hard-working people on GNOME, known as GNOME Hackers, could be appreciated based on the amount of work they do for the FLOSS community. In the quest for the same, I wrote a leaderboard web app, GNOME Hackers. It was an awesome experience and I utilized my weekends very well by learning many new things. I will give a brief of them below.

  • Counting down the days using bash

    Need to know how many days there are before some important event? Let Linux bash and the date command help with that!

  • How to Boost Your Programming Skills

    Anyone with an old computer that they don't use anymore should install Ubuntu on it in order to improve their programming skills. It's a free Linux-based operating system that can run on a wide range of hardware. Successfully using Ubuntu will require you to learn more about Python, which is considered one of the most simplified and beginner-friendly programming languages in use today. - Bryce Welker, The Big 4 Accounting Firms

  • Canonical sponsors WSLConf at Microsoft HQ [Ed: Mark Shuttleworth donates money to Microsoft's attacks on GNU/Linux]

    Canonical is announcing today it will be a featured sponsor of WSLConf, the first conference dedicated to the Windows Subsystem for Linux (WSL) platform. WSLConf is scheduled for March 10th-11th, 2020 and is being held on the campus of Microsoft’s headquarters in Redmond, Washington. The conference brings together developers, start-up founders, academics, enterprise, community members, and teams from Microsoft and Canonical around Windows Subsystem for Linux. The conference will include two densely-packed days of presentations and workshops on the latest developments on the rapidly evolving platform.

  • Mozilla Addons Blog: Secure your addons.mozilla.org account with two-factor authentication

    Accounts on addons.mozilla.org (AMO) are integrated with Firefox Accounts, which lets you manage multiple Mozilla services from one login. To prevent unauthorized people from accessing your account, even if they obtain your password, we strongly recommend that you enable two-factor authentication (2FA). 2FA adds an extra layer of security to your account by adding an additional step to the login process to prove you are who you say you are.

    When logging in with 2FA enabled, you will be asked to provide a verification code from an authentication application, in addition to your user name and password. This article on support.mozilla.org includes a list of supported authenticator applications.

    Starting in early 2020, extension developers will be required to have 2FA enabled on AMO. This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users. 2FA will not be required for submissions that use AMO’s upload API.

    Before this requirement goes into effect, we’ll be working closely with the Firefox Accounts team to make sure the 2FA setup and login experience on AMO is as smooth as possible. Once this requirement goes into effect, developers will be prompted to enable 2FA when making changes to their add-ons.

  • Embracing digital transformation with containerisation and Kubernetes

    While digital transformation is creating new business opportunities, it is also bringing a host of challenges and technological barriers with its wave of progress. With changes ongoing and always around the corner, organisations are having to re-evaluate how they can modernise their often-out-dated digital infrastructure in order to keep up. Is there any way to make the transition simpler?

    Enter Kubernetes. The word is taken from ancient Greek, where it translates as ‘helmsman’ or ‘pilot’. So, it makes sense that your IT business strategy can be guided, not through the Aegean, but through the waters of digital transformation towards stability and efficiency. What began life as Google’s original open source container-orchestration system, has now paved the way for a reliable precedent to automating, controlling and extending modern IT applications.

  • Datacenters Are Hungry For Servers Again

    Server consumption is a pretty good proxy for how enterprises of all shapes and sizes feel about their particular business. And judging by the number of machines and the aggregate revenue they drove in the third quarter – despite all of the uncertainty in the world – they must be feeling pretty good.

Devices: Btlejack, I2C, Congatec

Filed under
GNU
Linux
Hardware
  • Sniff, jam and hijack Bluetooth Low Energy devices with Btlejack

    Bluetooth Low Energy Swiss-army knife or Btlejack is a small software client designed to be used with the BBC Micro:Bit mini PC and can be used with one or more devices running a dedicated firmware. Once installed you will be able to sniff, jam and hijack Bluetooth Low Energy devices. Current version of this tool (2.0) supports BLE 4.x and 5.x.

    “Btlejack relies on one or more BBC Micro:Bit. devices running a dedicated firmware. You may also want to use an Adafruit’s Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices. The BLE 5.x support is limited, as it does only support the 1Mbps Uncoded PHY and does not support channel map updates.”

    “You need a UNIX based system (for example a Raspberry Pi). If you use the BBC Micro:Bit, you will need one to three Micro:Bit devices (three devices recommended) and for each device one free USB port. The power consumption of a Micro:Bit is rather low, so you can use a single USB port and a passive hub for powering the three recommended units.”

  • I2CMini is tiny USB to I2C Bridge for your PC or SBC (Crowdfunding)

    Last year, we wrote about Excamera Labs SPIDriver tool to control and monitor SPI devices from your computer, but this year the company launched another similar product for I2C: I2CDriver.

  • Congatec Conga-SMX8-Nano SMARC 2.0 CoM Features NXP i.MX 8M Nano Processor

    Congatec Announces Ultra-Low-Power SMARC 2.0 CoM Congatec has come out with a new CoM, the Conga-SMX8-Nano that carries up to 4x ARM Cortex-A53 and 1x Cortex-M7 cores with a full spectrum of options...

China orders officials to remove foreign tech from computers

Filed under
GNU
Linux
Microsoft

China began building its own operating system to replace Microsoft Windows or iOS in 2013, with the help of a British company Canonical.

Canonical was founded by South African entrepreneur Mark Shuttleworth to market commercial support and related services for Ubuntu, a Linux-based operating system which is open-source and not owned by an individual or company.

Canonical provided technical support to build Chinese users an Ubuntu open-source operating system named Kylin, at the request of the Chinese Ministry of Industry and Information Technology.

Earlier this year the US banned American companies from doing business with Chinese telecommunications company Huawei. Google, Intel and Qualcomm stopped working with the technology company.

Prime Minister Boris Johnson hinted that the future of Chinese technology companies in the UK could be on the line after vowing not to involve Huawei in upcoming 5G networks if it would create a rift with security allies like the US.

Read more

Free Software program Basis Provides Advantages and Merchandise In Its Annual Fundraiser

Filed under
GNU

An nameless reader writes:
The Free Software program Basis is holding its annual fundraiser, with a aim of attracting 600 new members by the tip of December. (New members to date: 112.) “We’re nonetheless combating the oppressive nature of proprietary software program,” explains the marketing campaign’s net web page. “Now we have made strong inroads, and the neighborhood is as passionate as ever.”

As a 501(c)(3) charity the group’s membership dues are all tax deductible, and affiliate memberships are simply $10 a month ($5 for college kids). They arrive with particular advantages together with as much as 5 electronic mail aliases within the member.fsf.org area, eligibility to hitch the nonprofit Digital Credit score Union, free admission to the annual LibrePlanet convention in Boston, and 20% reductions on FSF merchandise and GNU gear (together with this pleasant stuffed child gnu).

Read more

Also: Mark J. Wielaard: Software Freedom Conservancy Donor Match

Python Programming: Python 3, MicroPython, Creating Command Line Utilities and Installing/Updating Packages in Python

Filed under
Development
  • It’s Time to Upgrade to Python 3 – Time Is Running Out!

    As of January 1, 2020, Anaconda will no longer be adding new packages built for Python 2.7 to repo.anaconda.com default channels. The Python 2.7 packages available prior to that date will remain available.

    This means, for instance, that if there is a newly released version of TensorFlow after the first of the new year – it will not be available in defaults for Python 2.7.

    The one exception is that Python 2.7.18 is slated to be released in mid-April 2020 according to PEP-0373. Packages for Python 2.7.18 will be built and made available on the repo.anaconda.com defaults channel.

  • MicroPython: An Intro to Programming Hardware in Python

    Are you interested in the Internet of Things, home automation, and connected devices? Have you ever wondered what it would be like to build a blaster, a laser sword, or even your own robot? If so, then you’re in luck! MicroPython can help you do all of those things and more.

    [...]

    Python’s popularity has skyrocketed in recent years. These days, it’s used everywhere from DevOps to statistical analysis, and even in desktop software. But for a long time, there was one field where Python use was conspicuously missing. Developers working with microcontrollers had not yet adopted the language.

    All of that changed in 2013 when Damien George launched a Kickstarter campaign. Damien, an undergraduate at Cambridge University, was an avid robot programmer. He wanted to move the Python world from machines that worked with capacities in the gigabytes down to the kilobytes. His Kickstarter campaign was an attempt to back his development while he turned his proof of concept into a finished implementation.

    Many developers jumped at the chance, not only to use Python on microcontrollers but also to get an early version of Damien’s own reference hardware, which was built especially for the task! In fact, by the end of the campaign, Damien had blown past his £15,000 goal. Thanks to over 1,900 backers, he reached just shy of £100,000.

  • Creating Command Line Utilities with Python's argparse

    Most of the user-facing software comes with a visually pleasing interface or via a decorated webpage. At other times, a program can be so small that it does not warrant an entire graphical user interface or web application to expose its functionality to the end-user.

    In these cases, we can build programs that are accessible via a Command Line Interface, or CLI.

    In this post, we will explore Python's argparse module and use it to build a simple command-line tool to help us shorten URLs swiftly.

  • Learn all About Installing & Updating Packages in Python

    In this tutorial, we will learn the basics of installing, working and updating packages in Python. First, we will learn how to install Python packages, then how to use them, and finally, how to update Python packages when needed. More specifically, we are going to learn how to install and upgrade packages using pip, conda, and Anaconda Navigator.

    Now, before we are going to learn how to install Python packages we are going to answer the question “what is a package in Python?”

Facebook's New Linux Slab Memory Controller Saving 30~40%+ Of Memory, Less Fragmentation

Filed under
Linux

Back in September we wrote about Facebook's Roman Gushchin working on a new slab memory controller/allocator implementation that in turn could provide better memory utilization and less slab memory usage. This wasn't ready in time for the 5.5 kernel but a revised patch series was sent out last week.

Roman continues to talk up this new slab memory controller with it turning out much better than the existing slab memory code, which he says in Facebook production workloads is only seeing 45~65% slab utilization and at best case around 85%. This controller rework aims for better slab utilization and also sharing of slab pages between multiple memory cgroups. The memory accounting is done now per-object rather than per-page, among other changes.

Read more

Also: KubeCon gets bigger, the kernel gets better, and more industry trends

Syndicate content

More in Tux Machines

Kernel: LWN Articles and Radeon Linux 5.6 Changes

  • Fixing SCHED_IDLE

    The scheduler implements many "scheduling classes", an extensible hierarchy of modules, and each class may further encapsulate "scheduling policies" that are handled by the scheduler core in a policy-independent way. The scheduling classes are described below in descending priority order; the Stop class has the highest priority, and Idle class has the lowest. The Stop scheduling class is a special class that is used internally by the kernel. It doesn't implement any scheduling policy and no user task ever gets scheduled with it. The Stop class is, instead, a mechanism to force a CPU to stop running everything else and perform a specific task. As this is the highest-priority class, it can preempt everything else and nothing ever preempts it. It is used by one CPU to stop another in order to run a specific function, so it is only available on SMP systems. The Stop class creates a single, per-CPU kernel thread (or kthread) named migration/N, where N is the CPU number. This class is used by the kernel for task migration, CPU hotplug, RCU, ftrace, clock events, and more. The Deadline scheduling class implements a single scheduling policy, SCHED_DEADLINE, and it handles the highest-priority user tasks in the system. It is used for tasks with hard deadlines, like video encoding and decoding. The task with the earliest deadline is served first under this policy. The policy of a task can be set to SCHED_DEADLINE using the sched_setattr() system call by passing three parameters: the run time, deadline, and period. To ensure deadline-scheduling guarantees, the kernel must prevent situations where the current set of SCHED_DEADLINE threads is not schedulable within the given constraints. The kernel thus performs an admittance test when setting or changing SCHED_DEADLINE policy and attributes. This admission test calculates whether the change can be successfully scheduled; if not, sched_setattr() fails with the error EBUSY. The POSIX realtime (or RT) scheduling class comes after the deadline class and is used for short, latency-sensitive tasks, like IRQ threads. This is a fixed-priority class that schedules higher-priority tasks before lower-priority tasks. It implements two scheduling policies: SCHED_FIFO and SCHED_RR. In SCHED_FIFO, a task runs until it relinquishes the CPU, either because it blocks for a resource or it has completed its execution. In SCHED_RR (round-robin), a task will run for the maximum time slice; if the task doesn't block before the end of its time slice, the scheduler will put it at the end of the round-robin queue of tasks with the same priority and select the next task to run. The priority of the tasks under the realtime policies range from 1 (low) to 99 (high).

  • Virtio without the "virt"

    One might ask why it makes sense to implement virtio devices in hardware. After all, they were originally designed for hypervisors and have been optimized for software rather than hardware implementation. Now that virtio support is widespread, the network effects allow hardware implementations to reuse the guest drivers and infrastructure. The virtio 1.1 specification defines ten device types, among them a network interface, SCSI host bus adapter, and console. Implementing a standards-compliant device interface lets hardware implementers focus on delivering the best device instead of designing a new device interface and writing guest drivers from scratch. Moreover, existing guests will work with the device out of the box, and applications utilizing user-space drivers, such as the DPDK packet processing toolkit, do not need to be relinked with new drivers — this is especially helpful when static linking is utilized. Implementing virtio in hardware also makes it easy to switch between hardware and software implementations. A software device can be substituted without changing guest drivers if the hardware device is acting up. Similarly, if the driver is acting up, it is possible to substitute a software device to make debugging the driver easier. It is possible to assign hardware devices to performance-critical guests while assigning software devices to the other guests; this decision can be changed in the future to balance resource needs. Finally, implementing virtio in hardware makes it possible to live-migrate virtual machines more easily. The destination host can have either software or hardware virtio devices.

  • 5.5 Merge window, part 1

    The 5.5 merge window got underway immediately after the release of the 5.4 kernel on November 24. The first week has been quite busy despite the US Thanksgiving holiday landing in the middle of it. Read on for a summary of what the first 6,300 changesets brought for the next major kernel release.

  • Radeon Linux 5.6 Changes Begin Queuing - Better Power Management, Adds DMCUB Controller

    While the Linux 5.5 merge window has just been over for less than one week, AMD has already submitted their first batch of feature updates to DRM-Next of new graphics driver material aiming for Linux 5.6 early next year.

Screencasts and Shows: Pisi Linux 2.1.2 Run Through, Linux Headlines, Going Linux, FLOSS Weekly and Selling Keynotes/Tweets at the Linux Foundation

GNOME at the Back End and GNOME Shell 3.35.2

  • Molly de Blanc: Keeping the (server) lights on

    Building and maintaining infrastructure for the GNOME project is one of the many activities of the GNOME Foundation, and it’s one of the most important. Building software like the GNOME desktop environment requires a lot of technical support, including managing servers and providing collaboration tools. Since GNOME is focused on being a self-sustaining community, we look as much as possible to managing our own services and software, and making sure it is free and open source. The GNOME Infrastructure Team currently supports a total of 34 virtual machines hosted on a total of eight bare metal nodes. These virtual machines allow us to run services like the Openshift Container Platform (OSCP), which provides self-service access to the community to run any of their workflows on an automated and containarized fashion. GNOME is build using self-hosted FOSS. We collaboratively build GNOME using a GitLab instance, which has a total of 15k accounts. We do shared storage using NextCloud. Community discussion is handled over Mailman, Discourse, and MoinMoin. We are currently using Indico and Connfa for our event planning and management.

  • GNOME Shell 3.35.2 Begins Launching Spawned Processes Within Systemd Scopes

    Out today is a new development release of GNOME Shell on the road to GNOME 3.36 in March. Among the changes in this new GNOME Shell snapshot include: - Spawned processes are now placed within systemd scopes in order to improve out-of-memory behavior for applications, an easy means of being able to kill other processes when the shell is restarted, and other use-cases. Systemd scopes allow managing of processes for organization and resource management purposes.

Security: Proprietary Software Holes and More

  • It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

    With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs. [...] Also of note is CVE-2019-1471, a critical hypervisor escape bug that would allow an attacker running on a guest VM to execute code on the host box. The bulk of this month's critical fixes were for a series of five remote code execution flaws in Git for Visual Studio. In each of the flaws, said to be caused by improper handling of command-line input, an attacker would launch the exploit by convincing the target to clone a malicious repo. The remaining critical patch is for CVE-2019-1468, a play on the tried-and-true font-parsing vulnerability. In the wild, an attacker would embed the poisoned font file in a webpage and attack any system that visits.

  • Exploring Legacy Unix Security Issues

    The operating system SGI IRIX 6.5.22 was declared end of life in 2003, so it has limited use as a production system. I decided I could relive the good old days by looking for new vulnerabilities on an old system in my spare time. It was also an excuse to write some C code, and refresh my memory. One of my favorite vulnerabilities is the Insecure Temporary File (CWE-377). This involves manipulating files created in /tmp in an insecure manner. A file is created in /tmp by a piece of software that doesn’t check if the file exists before creating it. Allowing a malicious local user to symlink that file to a critical system file and overwriting it with the contents of what is written to the file in /tmp. So I started looking under the /usr/sbin directory for binaries to target. I did a quick examination of binaries and scripts in using the find command to give myself a starting point.

  • Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

    The Breakpointing Bad team at the University of New Mexico recently reported a VPN vulnerability that affects Linux, MacOS, iOS, Android, and more. The vulnerability allows malicious actors to not only see your VPN IP address, but also identify sites you are visiting and inject data into connections. The team consists of William J. Tolley, Beau Kujath, and Jedidiah R. Crandall and the public was notified on December 4th, 2019. Designated [CVE-2019-14899], the vulnerability shook the VPN industry due to the breadth of affected systems. [CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections. To our knowledge, Private Internet Access is the first commercial VPN to release a new client that prevents this ongoing security vulnerability.

  • Chrome now warns you when your password has been stolen

    Google is rolling out Chrome version 79 today, and it includes a number of password protection improvements. The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach. Google has been warning about reused passwords in a separate browser extension or in its password checkup tool, but the company is now baking this directly into Chrome to provide warnings as you log in to sites on the web.