About Tux Machines

Friday, 15 Nov 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/Linux

Security things in Linux v5.3

Filed under
Linux
Security

In the continuing work to remove “uninitialized” variables from the kernel, Alexander Potapenko added new “init_on_alloc” and “init_on_free” boot parameters (with associated Kconfig defaults) to perform zeroing of heap memory either at allocation time (i.e. all kmalloc()s effectively become kzalloc()s), at free time (i.e. all kfree()s effectively become kzfree()s), or both. The performance impact of the former under most workloads appears to be under 1%, if it’s measurable at all. The “init_on_free” option, however, is more costly but adds the benefit of reducing the lifetime of heap contents after they have been freed (which might be useful for some use-after-free attacks or side-channel attacks). Everyone should enable CONFIG_INIT_ON_ALLOC_DEFAULT_ON=1 (or boot with “init_on_alloc=1”), and the more paranoid system builders should add CONFIG_INIT_ON_FREE_DEFAULT_ON=1 (or “init_on_free=1” at boot). As workloads are found that cause performance concerns, tweaks to the initialization coverage can be added.

Read more

Pocket PC handheld Linux computer coming in 2020 for $199 and up (maybe — crowdfunding)

Filed under
Linux

Sure, there’s a chance you could turn your old smartphone into a pocket-sized Linux computer by replacing the operating system. But if you’re looking for a purpose-built device with a touchscreen display, a QWERTY keyboard, and features you won’t typically find on phones (like 4 USB ports), the folks at Popcorn Computer have you covered.

Maybe. The team has unveiled plans to launch a new pocket-sized computer, appropriately called the Pocket P.C.

It’s set to go up for pre-order through a crowdfunding campaign beginning November 24th. Prices will start at $199 (or $249 for a model with a LoRa radio). And if everything goes according to plan, it could ship by May 1st, 2020.

Read more

Thermostats, Locks and Extension Add-ons – WebThings Gateway 0.10

Filed under
Moz/FF

Happy Things Thursday! Today we are releasing WebThings Gateway 0.10. If you have a gateway using our Raspberry Pi builds then it should already have automatically updated itself.

This new release comes with support for thermostats and smart locks, as well as an updated add-ons system including extension add-ons, which enable developers to extend the gateway user interface. We’ve also added localisation settings so that you can choose your country, language, time zone and unit preferences. From today you’ll be able to use the gateway in American English or Italian, but we’re already receiving contributions of translations in different languages!

Read more

A technical comparison between the snap and the Flatpak formats

Filed under
GNU
Linux
Ubuntu

Since we’ve already discussed the snap layout and architecture in greater detail in the previous weeks, let’s start with a quick overview of Flatpak. Much like snaps, Flatpak packages come with necessary components contained inside standalone archives, so they can be deployed and maintained with simplicity on a range of Linux distributions. Runtime and image components are bundled into a single file using the OCI format.

In general, Flatpak applications are built against runtimes, but they can also contain additional libraries inside their own bundles. A Linux system with the Flatpak binary (primary command) installed and configured can then run Flatpak applications. At the moment, there are 21 distributions that offer Flatpak support.

Furthermore, applications are sandboxed using Bubblewrap, which utilises kernel security and namespace features to set up unprivileged containers. Communication outside the sandbox is possible through a mechanism of portals, which allows granular access to system resources.

Flatpak packages are available to end users primarily through Flathub, an app store and build service that is (semi)-officially associated with the Flatpak project. Submissions to Flathub are done as pull requests through GitHub, and require approval from the store admins. Similarly, publishers of proprietary software have to manually request inclusion of their applications. Flatpak applications are also sometimes available as manual download links. There is no automatic update mechanism available by default.

Read more

Zorin OS vs Linux Mint

Filed under
GNU
Linux

There are some specific Linux distros out there that specially target new and casual Linux users, most notably Linux Mint and Zorin OS. In this article we will compare them.

Both of these distros have earned a solid reputation from the community for being two of the most user-friendly distros of all. Both of them use Ubuntu as the core. Thus, both of them offer similar functionality at the core. However, the real magic is how each of them builds on top of it. Linux Mint and Zorin OS each come with a different feel and vibe.

While both of them are extremely user-friendly and robust, there are some key differences between them. That’s the beauty of Linux.

Read more

Top GIF Recorders For Linux

Filed under
Software

Whether you pronounce it as ‘gif’ or ‘jif’, it’s still a no-brainer that the Graphics Interchange Format is the most widely used image format there is today, gaining in popularity exponentially. This surging bitmap image format is used for a number of purposes, most of which include producing eye-catching animations to improve digital marketing. However, due to its convenience of storing multiple images in the same file while retaining file compression, it is also now considered a popular alternative to screen recording.

While there’s a lot of support for GIFs on Windows and other operating systems like Android, they can also readily be produced on Linux with a lot of flexibility and in the best quality. Let’s look at some of the most popular GIF recorder tools used to produce GIFs on Linux.

Read more

Why Kali Linux is loved by penetration testers [Q&A]

Filed under
Linux
HowTos

Penetration testing is an essential tool for organizations to make sure their systems are safe and secure. It probes systems by attacking them in the way that a hacker would.

But for many, the concept of pentesting is something of a dark art, and the tools used to carry it out shaded in obscurity. One of the most popular tools among testers is Kali Linux but you could be forgiven for never having heard of it.

We spoke to Jim O'Gorman of testing training specialist Offensive Security, which maintains the Kali Linux project, to discover more about what Kali Linux is and why pen testers love it so much.

Read more

Debian Project Releases Linux Security Updates to Patch Latest Intel CPU Flaws

Filed under
Linux
Security
Debian

As reported earlier this week, four new security vulnerabilities have been discovered in the Linux kernel and with an impact on Intel CPUs, namely CVE-2019-11135, CVE-2018-12207, CVE-2019-0154 and CVE-2019-0155, which may lead to privilege escalation, information leak, as well as denial of service.

Following in the footsteps of Canonical and Red Hat, Debian Project has also released new Linux kernel security patches, along with new intel-microcode updates to mitigate all these new vulnerabilities in the Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 10 "Buster" operating systems.

Read more

Canonical Enhances the Reliability of Its Kubernetes for IoT, Multi-Cloud & Edge

Filed under
Ubuntu

MicroK8s is an upstream Kubernetes deployment certified by the Cloud Native Computing Foundation (CNCF) and developed entirely by Canonical to run offline on your workstation or edge device for all your development, prototyping, and testing needs. MicroK8s is delivered as a snap, which makes it possible to run all Kubernetes services natively and comes bundled with all the libraries and binaries required.

The latest MicroK8s 1.16 release adds high-availability clustering by integrating enterprise SQL database through Canonical's in-house built Dqlite distributed SQL engine to enable rapid deployment of highly standardized small K8s clusters. Dqlite is designed to reduce memory footprint of the cluster in MicroK8s by embedding the database inside Kubernetes itself.

Read more

Zombieload V2 TAA Performance Impact Benchmarks On Cascade Lake

Filed under
Graphics/Benchmarks

While this week we have posted a number of benchmarks on the JCC Erratum and its CPU microcode workaround that introduces new possible performance hits, also being announced this week as part of Intel's security disclosures was "Zombieload Variant Two" as the TSX Async Abort vulnerability that received same-day Linux kernel mitigations. I've been benchmarking the TAA mitigations to the Linux kernel since the moment they hit the public Git tree and here are those initial benchmark results on an Intel Cascade Lake server.

Read more

today's leftovers

Filed under
Misc
  • Could Linux help overcome blockchain's usability challenge

    Android, developed on Linux, is the biggest mobile operating system by far, used by 85 percent of users. Given its credentials as an extremely popular open-source and free operating system, Linux could provide the most powerful opportunity to build a bridge between blockchain and the real world.

    Although it’s not widely used as a desktop operating system, Linux has been released for more hardware platforms than any OS in history. The chances are you’re already using it in some format, as Linux is embedded into hardware such as TVs, game consoles, routers, smartwatches, and more.

  • How to Download and Install KaOS linux on VirtualBox
  • MX Linux 19: The Best XFCE Distro?

    MX Linux is taking the industry by storm, is MX Linux 19 worth all the hype? In this video, I'll show off this new version of the mega-popular Linux distribution and you'll see it in action, installed on real hardware. Is MX Linux 19 the best XFCE distro available today?

  • Insider 2019-11: logging to Elasticsearch; PE 6 to 7 upgrade; Elastic 7; in-list(); off-line deb; Splunk conf;

    This is the 76th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

  • WordPress introduces a new way for bloggers to get paid

    WordPress, one of the internet’s leading purveyors of blog infrastructure and hosting, has taken a step toward making blogging more sustainable by allowing sites to easily accept recurring payments. Think: subscriptions. The tool will be available to anyone with a paid WordPress site and to sites that use the company’s Jetpack toolkit.

  • Digging for license information with FOSSology

    For a number of years FOSSology was distributed and maintained by HP, until it became an LF project in 2015. It is easier for companies to collaborate on software in a project at an organization like the LF, he said; it makes for a safer harbor for competitors to work together—in Germany, at least. He works for Siemens AG, which is a rather large German company.

    Breaking up archive files into their constituent files—some of which may need to be unpacked themselves—then scanning the individual source and other files for their licenses is the basic task of FOSSology. It has a powerful license scanner, he said. Its web-based interface can then give an overview of the contents—which licenses apply to various parts of the tree, for example—and allow users to drill down into the file hierarchy to the individual files to see their copyrights and license-relevant text. When looking at the file, FOSSology highlights that license-relevant text and shows a comparison with the reference text of the license it has determined for the file.

    Determining the license that applies to a file is challenging, however. Files have a wide variety of license-relevant text in them, some of which is ambiguous. It depends on the kind of source code you are working with, but the scanner is unable to decide on a license for up to 30% of files it sees, so it is up to a human reviewer to tag the right license. It is then important to also track what reviewers decide on files in the FOSSology database.

    The Software Package Data Exchange (SPDX) format is used to describe various things in a package, including licensing information. FOSSology can both import and export SPDX information, which allows exchanging information between two FOSSology users to share analysis work. FOSSology is one of a few tools that can consume SPDX information; it can be used to review what another party has concluded about the licensing of a code base. In addition, when a package gets updated, the previous analysis can be used as a starting point; the new dependencies and other changes can be incorporated into that rather than starting from scratch.

    [...]

    Huber handed the microphone back to Jaeger to wrap up the presentation. He said that FOSSology participated in the Google Summer of Code (GSoC) for 2019; the project had three GSoC participants working on various projects. FOSSology has been working on integrating with three different open-source projects as well. Software Heritage is a repository of published software, while ClearlyDefined is a repository of metadata about published software. In both cases, FOSSology has plans to interact with them via their REST APIs. The third project is not as well known, he said. Atarashi takes a new approach in scanning for licenses. Instead of using regular expressions and rules, it uses text statistics and information-retrieval techniques.

    Another initiative that the project has undertaken is FOSSology Slides, which is a site for gathering slides that can be used to talk and teach about FOSSology. They are all licensed under CC BY-SA 4.0 (as are the slides [PDF] from the OSS EU talk). They can be used as is, or adapted for other uses; he encouraged anyone to contribute their FOSSology slides as well. One nice outcome of that is that some Japanese FOSSology users translated slides from FOSSology Slides to that language and contributed them back, Jaeger said. Other translations would be welcome for those who want to contribute to the project but are not software developers.

    A FOSSology user in the audience pointed out that the tool is only able to analyze the code it is given, so package dependencies have to be figured out separately. Jaeger agreed, noting that FOSSology is focused on understanding the licenses in the code it is given; there are other tools that can help figure out what the dependencies are and there are no plans to add that to FOSSology. He suggested the OSS Review Toolkit (ORT) as one possibility.

Open Hardware: Zigbee and Arduino

Filed under
Hardware
OSS
  • Philips Hue Bridge v2.1

    I recently bought a Hue Bridge to experiment a bit with Zigbee and 802.15.4. Following two posts for the hardware version 2.0 and some comments about the differences to version 2.1 I was able to get shell access on my 2.1 hardware.

    As there is up to now no complete guide, I describe here what I did:

    Opening the case is straightforward. Just remove the two lower nubsis at the bottom and unscrew the two torx screws; then carefully unclip the bottom.

  • $10 HelTec CubeCell LoRa Board Features Cypress PSoC 4 MCU

    The board can be controlled with AT command, but it also supports Arduino programming in Windows, Mac OS, and Linux. You’ll find documentation and code samples on Github, as well as on Heltec’s own website.

    The company provides an example of battery life considering a connection with the LoRa gateway every 15 minutes. In this case, an 80mAh/3.7V battery would last for 3 months, but they did not mention in which mode they performed the calculation.

mesa 19.2.4

Filed under
Graphics/Benchmarks
Linux

Hi list,

I'd like to announce mesa-19.2.4, which is available immediately. This is an
emergency release, to fix a critical bug found in the 19.2.3 release which
causes incomplete rendering on all mesa drivers. This release contains a single
patch to fix that bug, anyone using 19.2.3 should immediately upgrade to 19.2.4
or downgrade to 19.2.2.

Dylan

Read more

Also: Mesa 19.2.4 Released As Emergency Update After 19.2.3 Broke All OpenGL Drivers

The Secrets of Docker Secrets

Filed under
Server
HowTos

Most web apps need login information of some kind, and it is a bad idea to put them in your source code where it gets saved to a git repository that everyone can see. Usually these are handled by environment variables, but Docker has come up with what they call Docker secrets. The idea is deceptively simple in retrospect. While you figure it out it is arcane and difficult to parse what is going on.

Essentially the secrets function creates in-memory files in the docker image that contain the secret data. The data can come from files, or a Docker swarm.

The first thing to know is that the application running in the docker image needs to be written to take advantage of the Docker secrets function. Instead of getting the password from an environment variable, it would get the password from the file system at /run/secrets/secretname. Not all images available use this functionality. If they don't describe how to use Docker secrets, they won't work. The files will be created in the image, but the application won't read them.

Read more

fwupd and bolt power struggles

Filed under
GNU
Linux

As readers of this blog might remember, there is a mode where the firmware (BIOS) is responsible for powering the Thunderbolt controller. This means that if no device is connected to the USB type C port the controller will be physically powered down. The obvious upside is battery savings. The downside is that, for a system in that state, we cannot tell if it has a Thunderbolt controller, nor determine any of its properties, like firmware version. Luckily, there is an interface to tell the firmware (BIOS) to "force-power" the controller. The interface is a write-only sysfs attribute. The writes are not reference counted, i.e. two separate commands to enable the force-power state followed by a single disable will indeed disable the controller. For some time boltd and the firmware update daemon both directly poked that interface. This led to some interference, leading in turn to strange timing bugs. The canonical example goes like this: fwupd force-powers the controller, uevents will be triggered and Thunderbolt entries appear in sysfs. The boltd daemon will be started via udev+systemd activation. The daemon initializes itself and starts enumerating and probing the Thunderbolt controller. Meanwhile fwupd is done with its thing and cuts the power to the controller. That makes boltd and the controller sad because they were still in the middle of getting to know each other.

Read more
