Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Wednesday, 11 Dec 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Typesort icon Title Author Replies Last Post
linpc srlinuxx 03/09/2008 - 11:57am
ondiskgoblinx srlinuxx 04/09/2007 - 9:36pm
linuxextremedesktop srlinuxx 20/08/2007 - 2:13am
ondisk-mint srlinuxx 11/08/2007 - 3:58pm
adadheader srlinuxx 27/04/2007 - 1:18am
pclos srlinuxx 27/04/2007 - 4:39am
adadcontent srlinuxx 29/04/2007 - 8:54pm
salesad srlinuxx 01/05/2007 - 5:38pm
easyS srlinuxx 03/05/2007 - 7:03pm
ondisk-pclos-header srlinuxx 24/05/2007 - 3:25pm

News From Python Programmers

Filed under
Development
  • Data Engineer Interview Questions With Python

    Going to interviews can be a time-consuming and tiring process, and technical interviews can be even more stressful! This tutorial is aimed to prepare you for some common questions you’ll encounter during your data engineer interview. You’ll learn how to answer questions about databases, Python, and SQL.

  • 8 AI Predictions for 2020: Business Leaders & Researchers Weigh In

    The first industrial revolution was powered by coal, the second by oil and gas, and the third by nuclear power. The fourth — AI — is fueled by an abundance of data and breakthroughs in compute power. While this abundance has allowed us to make significant progress in recent years, there is still much to be done for AI to be the positive life-changing force that many hope it will be. We asked thought leaders at the forefront of AI and machine learning technology to contribute some insight into what they think will transpire in 2020. Their predictions center around hardware, the human impact of AI, the public’s understanding of AI, and its limitations.

  • The easiest way to deploy Django application

    Heroku is a cloud application platform, it facilitate the deployement of a web application.

    They support several programming languages, include Python.

  • Encoding and Decoding Base64 Strings in Python

    Have you ever received a PDF or an image file from someone via email, only to see strange characters when you open it? This can happen if your email server was only designed to handle text data. Files with binary data, bytes that represent non-text information like images, can be easily corrupted when being transferred and processed to text-only systems.

    Base64 encoding allows us to convert bytes containing binary or text data to ASCII characters. By encoding our data, we improve the chances of it being processed correctly by various systems.

    In this tutorial, we would learn how Base64 encoding and decoding works, and how it can be used. We will then use Python to Base64 encode and decode both text and binary data.

Red Hat and IBM Leftovers

Filed under
Red Hat
  • MicroProfile 3.2 is now available on Open Liberty in Red Hat Runtimes

    Open Liberty 19.0.0.12 provides support for MicroProfile 3.2, allowing users to provide their own health check procedures and monitor microservice applications easily with metrics. Additionally, updates allow trust to be established using the JDK’s default truststore or a certificate through an environment variable.

    [...]

    Open Liberty has added support for Jaeger in MicroProfile OpenTracing. A sample tracer is available for using Zipkin as a tracing backend. With the addition of Jaeger support, developers can also use Jaeger as a tracing backend.

  • Working with Linux containers on RHEL 8 with Podman, image builder and web console

    Podman was released with Red Hat Enterprise Linux 7.6 and 8.0 as the next generation of Linux container tools, is designed to allow faster experimentation and development of features.

    Podman features include rootless, kube generate, and kube play (see: "Podman can now ease the transition to Kubernetes and CRI-O"). Podman is also compatible with the Open Containers Initiative (OCI), Runtime, Image, and Distribution specifications, so customers can build container images that run on OpenShift (which uses CRI-O) or other 3rd-party OCI compliant container engines, and vice versa.

    As can be seen in Figure 1, CRI-O, in Red Hat OpenShift, shares many of its underlying components with Podman. This allows Red Hat engineers to leverage knowledge gained in experiments conducted in Podman for new capabilities in OpenShift.

  • Red Hat Software Collections 3.4, Red Hat Developer Toolset 9 now generally available

    Building the next generation of enterprise applications requires the latest and greatest developer tools paired with production-grade stability. To help meet these twin needs, we’re pleased to deliver the latest version of Red Hat’s curated collection of the latest open source runtime languages, databases, compilers and related developer tools: Red Hat Software Collections 3.4.

  • Celebrating 20 years of enterprise Java: Innovation

    Twenty years ago this week, enterprise Java was born. The Java 2 Platform, Enterprise Edition (J2EE) launched as version 1.2 on Dec. 12, 1999. It built upon many years of work previously in the enterprise distributed systems arena, such as the common object request broker architecture (CORBA) and distributed computing environment (DCE), and its birth marked the beginning of a technology that would become a powerhouse in the world of enterprise application development.

    Building on the "write once, run anywhere" promise of the Java programming language, the enterprise Java platform extends this neutrality and portability with a set of specifications that are well-suited for building large scale applications. As a result, enterprise Java has been able to offer an appealing option for developers that enables them to take advantage of the reliability, speed, efficiency and ease-of-use needed for enterprise-grade development.

  • Keycloak: Core concepts of open source identity and access management

    Keycloak provides the flexibility to export and import configurations easily, using a single view to manage everything. Together, these technologies let you integrate front-end, mobile, and monolithic applications into a microservice architecture. In this article, we discuss the core concepts and features of Keycloak and its application integration mechanisms. You will find links to implementation details near the end.

  • What 5 new innovations will open source yield in the 2020s?

    When I look back to where technology was in 2010, it’s astounding to think about how much has changed — and how so many of those advancements were fueled by open source.

    Ten years ago, AI was not a part of our everyday lives, most developers hadn’t even heard of containers or microservices, blockchain was little more than an idea, and serverless was a far-off dream. Now these technologies, built on open source projects and the communities that surround them, are shaping how developers do their jobs and how people interact with technology on a daily basis.

    In this blog post, I talk about some of the trends that have shaped the past decade as we look forward to what 2020 — and the next decade — has in store for us.

  • Open and Innovative: others don’t have a patch on SUSE

    It’s not just general purpose and large x86_64 systems that feel the benefit of fixing vulnerable systems without waiting for a planned maintenance window. We see so many customers in the SUSE world that run critical applications or large database instances on IBM POWER. In many cases these systems do not have the same levels of flexibility built into general purpose systems, and so every minute of downtime hurts.
    SUSE Linux Enterprise Live Patching has supported live patching on the POWER systems for almost 2 years now. This is just another example of SUSE always listening to the user community and delivering to them what the users really need and when they need. Customers know and depend on SUSE to be the first to deliver the right technology at the right time.

Audiocasts/Shows: Talk Python to Me, Art With Free Software and mintCast on Linux Mint

Filed under
Development
GNU
Linux
  • Talk Python to Me: Episode #242: Your education will be live-streamed

    Online education has certainly gone mainstream. Developers and companies have finally gotten comfortable taking online courses. Sometimes these are recorded, self-paced courses like we have at Talk Python Training. Other times, they are more like live events in webcast format.

    In this episode, you'll meet two guys who are taking the interactivity of online learning up a notch. Brian Clark and Cecil Philip run a weekly event on Twitch where they are live-streaming an interactive Python course. They take questions from 100's of students and dig into the diversions more mainstream online learning simply cannot.

  • [Krita artist] Production report: episode 31

    Slowly but surely and in the background of the book-publishing project I've been working on a future episode of Pepper&Carrot. Here is a report about that with many screenshots:

  • mintCast 323.5 – Traveling Networker Problem

    In our Innards section, we talk more about Linux Mint and Clem’s comments.

Fedora 31 Workstation review - The color of winter

Filed under
Red Hat
Reviews

Last week, we talked about MX Linux MX-19. This week, let's have a look at Fedora 31. Now, some of you may already start grumbling and complaining. Because I will focus a lot of my energy on the Gnome desktop and what it doesn't do, and all that. But then, Fedora is the pioneer child (not in the communist sense) of the Gnome world, showcasing the latest fixes and features the environment offers. Therein lies my hope and my expected but hopefully proven wrong disappointment.

Looking back to the past two years or so, I found Fedora to have improved a little in the performance area, has become more consistent, gained stability in major areas side by side with bugs and problems in others, and still isn't user-friendly enough for immediate consumption. Y'know, proprietary stuff, window buttons, desktop icons, stuff like that. Fedora 30 is a good melting pot of all these observations. I wasn't happy, but then, it's time to rewind the clock, reset my emotions, and boldly charge head first into the wall of open-source.

Read more

Games: Hellpoint, Wasteland 2 Director's Cut, Bite the Bullet, Steam Play Proton

Filed under
Gaming
  • Hellpoint, the dark sci-fi action RPG from Cradle Games now launching in 2020 with new details

    Cradle Games recently put out some fresh exciting details for Hellpoint, their upcoming crowdfunded dark sci-fi action RPG.

    Firstly, it seems the release has been pushed back a while. They were aiming for this year but they're just not going to hit it. They've been going through console certification, along with doing regular updates to the PC Beta and they're now saying it's going to be sometime in "Q1 2020" for Hellpoint's release.

  • Get Wasteland 2 Director's Cut FREE in the GOG Winter Sale, lots of Linux games going cheaps

    Is there seriously another big sale going on already? Yep! This time it comes with a FREE game too. GOG are offering Wasteland 2 Director's Cut at no cost.

    Firstly then, the Wasteland 2 Director's Cut Digital Classic Edition going FREE on GOG which also comes with Wasteland 1: The Original Classic so you're getting two games for nothing here. That should keep you busy enough through the colder Winter nights.

  • Action-RPG platform shooter Bite the Bullet is going to have some really crazy weapons

    Mega Cat Studios previously showed how eating enemies in Bite the Bullet would power you up, now they're talking about the varied weapons you get to play with.

    As a huge fan of Broforce and other such crazy action platformers, Bite the Bullet is high up on my list of games coming out next year. We shouldn't be waiting too long on it, with it due in the first quarter of 2020. To show it off a little more, Mega Cat Studios have a new video talking about all the weapons and some of them are pretty crazy.

  • Another Steam Beta is out, updates the Linux Runtime to help Steam Play Proton

    Quite a small update to the Steam Beta recently, but for some Linux gamers using Steam Play Proton it might be a rather helpful one.

    The new Library got tweaked a little again, now allowing for Family Sharing of tools, Valve also fixed new categories created in small mode or Big Picture mode not being properly saved when switching to normal mode and recently played but disallowed by Family View games not appearing in the Recent Games shelf when Family View is enabled on startup.

Debian: ElkArte, LTS and riscv64 Port

Filed under
Debian
  • How to Install ElkArte Forum with Apache and Let's Encrypt on Debian 10

    ElkArte is a free, open-source and powerful forum software that allows you to create your own online forum community. In this tutorial, we will explain how to install ElkArte on Debian 10 server.

  • My Free Software Activities in November 2019

    Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

  • Debian GNU/Linux riscv64 port -- Sponsors and Build machines

    In previous posts about the riscv64 port there were mentions about history, progress and other details, but in this one I want to address the topic of sponsors and build machines, which even if there are mentions from time to time (e.g. in talks and slides posted here), it has not been covered in a comprehensive manner.

    And it's only fair that we acknowledge people and orgs sponsoring and contributing resources... and about time too. They will appear roughly in chronological order.

15 Useful Firefox Keyboard Shortcuts You Should Know

Filed under
Moz/FF
OSS

Firefox is one of the most popular free and open-source browsers for Linux users. Even though you have a lot of open source chrome alternatives, Firefox still is one of the best choices to go with.

And you don’t even need to install Firefox on Ubuntu or most other distributions because it is installed by default.

What if you can make your browsing experience on Firefox even better by using some keyboard shortcuts?

Hold on, of course, not everyone prefers to use keyboard shortcuts. But, if you’re comfortable with that and want to do perform tasks in a jiffy, you should know some of the most common Firefox keyboard shortcuts.

It is also worth noting that you could use some of these shortcuts on Chrome/Chromium as well- however, we already have a list of useful Google Chrome shortcuts to help you out. So, if you’re using Chrome/Chromium, I insist you check out that article.

Read more

Android Document Scanning and Developer-Focused TV Box

Filed under
Android
  • The 15 Best Document Scanner Apps for Android Devices in 2020

    It doesn’t matter whether you are an Office job holder, a businessman, or a student; you will face a situation where scanning some papers or documents seem to be essential. But finding a scanner is tough in many places nowadays. You can deal with such a problem if you have installed any document scanner apps on your Android device. In PlayStore, some scanner apps can turn your mobile phone into a tiny scanner. So, just by installing a useful document scanner App, you can scan notes and documents anytime, anywhere.

  • Google ADT-3 is a Developer-Focused TV Box for Android TV on Android 10

    Back in 2014, Google killed Google TV and announced Android TV, and as a result, introduced ADT-1, the first developer kit specifically designed for Android TV.

Improving the security model of the LVFS

Filed under
Linux
Security

There are lots of layers of security in the LVFS and fwupd design, including restricted account modes, 2FA, and server side AppStream namespaces. The most powerful one is the so-called vendor-id that the vendors cannot assign themselves, and is assigned by me when creating the vendor account on the LVFS. The way this works is that all firmware from the vendor is tagged with a vendor-id string like USB:0x056A which in this case matches the USB consortium vendor assigned ID. Client side, the vendor-id from the signed metadata is checked against the physical device and the firmware is updated only if the ID matches. This ensures that malicious or careless users on the LVFS can never ship firmware updates for other vendors hardware. About 90% of the vendors on the LVFS are locked down with this mechanism.

Some vendors have to have IDs that they don’t actually own, a good example here is for a DFU device like the 8bitdo controllers. In runtime mode they use the USB-assigned 8bitdo VID, but in bootloader mode they use a generic VID which is assigned to the chip supplier as they are using the reference bootloader. This is obviously fine, and both vendor IDs are assigned to 8bitdo on the LVFS for this reason. Another example is where Lenovo is responsible for updating Lenovo-specific NVMe firmware, but where the NVMe vendor isn’t always Lenovo’s PCI ID.

Read more

Programming: Vim, Qt Shader and Python

Filed under
Development
  • Vim Text Editor for Beginners Part 1 - Introduction

    In my newly refreshed Vim series, you'll learn all the things you'll need to know in order to use this text editor in your daily workflow. In this first video, we'll get Vim installed take an initial look.

  • Vim Text Editor for Beginners Part 2 - Combining Files

    In my newly refreshed Vim series, you'll learn all the things you'll need to know in order to use this text editor in your daily workflow.

  • Qt Shader Tools Looks To Become Official Qt6 Module

    The currently-experimental Qt Shader Tools allows for graphics/compute shader conditioning and used by the in-development Qt graphics abstraction layer for supporting Vulkan / Metal / Direct3D / OpenGL APIs.

    Qt Shader Tools offers various shader features in preparing them for consumption by different graphics APIs. Qt Shader Tools is currently used ahead of time for QtGUI with Qt 5.14+. But for Qt 6.0, Qt Shader Tools is going through the appropriate steps for becoming a formal Qt 6 module for compiling and translating shaders between interfaces.

  • Python Positional-only parameters

    I have downloaded Python 3.8 and start to play around with those latest python functions. In this article, we will look at the Positional-only parameter syntax which is a function parameter syntax / to indicate that some function parameters must be specified positionally and cannot be used as keyword arguments which means after the / syntax we may specify a value for each parameter within that function.

  • For Loop in Python Explained With Practical Examples

    If you are just getting started to learn Python, you must be in search of something to explore for loop in Python.

    Of course, our list of free python resources should help you learn about it quickly.

    In either case, we shall help you learn more about the ‘for‘ loop in python using a couple of important examples.

Games: Pygame, The Long Dark, DXVK and Shovel Knight

Filed under
Gaming
  • Enable your Python game player to run forward and backward

    In previous entries in this series about creating video games in Python 3 using the Pygame module, you designed your level-design layout, but some portion of your level probably extended past your viewable screen. The ubiquitous solution to that problem in platformer games is, as the term "side-scroller" suggests, scrolling.

    The key to scrolling is to make the platforms around the player sprite move when the player sprite gets close to the edge of the screen. This provides the illusion that the screen is a "camera" panning across the game world.

    This scrolling trick requires two dead zones at either edge of the screen, at which point your avatar stands still while the world scrolls by.

  • Survival Mode in The Long Dark just got a lot bigger with the ERRANT PILGRIM update

    As promised, Hinterland Studio have released a huge update to the Survival Mode side of The Long Dark named ERRANT PILGRIM.

    It brings in a whole new region to explore, Bleak Inlet. Once a home to a thriving industrial Cannery, seismic activity cut-off Bleak Inlet from the rest of the Great Bear mainland. Exploring is not for the faint of heart, being Timberwolf territory but the treasures contained in the industrial complex may just be enough to warrant the journey.

  • DXVK Reportedly Going Into "Maintenance Mode" Due To State Of Code-Base

    While DXVK tends to be much-loved by Linux gamers for allowing more Direct3D 10/11 Windows games to run nicely on Linux with Wine or Proton (Steam Play) thanks to its fairly complete translation of D3D10/D3D11 API calls to Vulkan, it looks like Philip Rebohle is at least contemplating shifting it just into maintenance-mode.

    The DXVK lead developer recently commented that DXVK is "entering maintenance mode" and he doesn't want to make any significant changes or additions to the code.

  • Shovel Knight: King of Cards and Shovel Knight Showdown are out, completing the series

    Starting off with a successful Kickstarter crowdfunding campaign back in 2013 and growing into a massive multi-part 8-bit inspired world, Shovel Knight: Treasure Trove now finally finished. Note: Keys provided by GOG.com to us.

    Originally having a goal of $75,000 and a Linux/macOS stretch goal at $130,000 it proved to be popular ending on $311,491. It's taken six years for Yacht Club Games to get here starting with Shovel of Hope, followed by Plague of Shadows in 2015, Specter of Torment in 2017, and now King of Cards and Shovel Knight Showdown in 2019.

Annotate screenshots on Linux with Ksnip

Filed under
GNU
Linux

I recently switched from MacOS to Elementary OS, a Linux distribution focused on ease of use and privacy. As a user-experience designer and a free software supporter, I take screenshots and annotate them all the time. After trying out several different tools, the one I enjoy the most by far is Ksnip, an open source tool licensed under GPLv2.

Read more

Raspberry Pi 4: Chronicling the Desktop Experience – Remote Desktop – Week 8

Filed under
GNU
Linux
Hardware

This is a weekly blog about the Raspberry Pi 4 (“RPI4”), the latest product in the popular Raspberry Pi range of computers.

I really appreciate receiving suggestions from readers of this blog. I’ve received a few requests to see how the RPI4 fares as a remote desktop client. I can see this could make sense. The RPI4 offers dual monitor support. It should have sufficient CPU and GPU resources to act as a functional remote desktop, particularly when connecting to servers that have better system resources.

Remote Desktop Control displays the screen of another computer (via Internet or local area network) on a local screen. This type of software enables users to use the mouse and keyboard to control the other computer remotely. It means that a user can work on a remote computer as if he or she was sitting directly in front of it, regardless of the distance between the computers.

While readers’ suggestions were focused on the RPI4 acting as a client, my more immediate concern was to use the RPI4 as a host rather than a client. I’ll explain why. For the past week, I’ve been travelling around the country, staying with a few friends. Friends that run Windows only. No one is perfect! And the week before this trip, my Linux laptop gave up the ghost. Reliant on Windows machines with only an Android phone as solace for an entire week wasn’t a tempting prospect. So what better time to access my RPI4 remotely and continue my Pi adventures.

In the realm of remote desktop software, there’s lots of choices for the Raspberry Pi. The obvious focus is VNC related software. There’s lots of VNC clients available in the Raspbian repositories. Popular ones such as VNC Viewer (realvnc), Remmina, TigerVNC, TightVNC, Vinagre are all present.

Read more

Revamp your old Linux desktop with Joe's Window Manager

Filed under
GNU
Linux

Joe's Window Manager (JWM for short) is a lightweight window manager for X11. It's written in C, minimally using Xlib. Because it's so small and simple, JWM makes a great window manager for slow or old computers. The Raspberry Pi barely registers that JWM is running, leaving precious system resources for more important tasks than the desktop.

JWM follows in the footsteps of environments like FVWM, Window Maker, and Fluxbox. It provides an application menu, window decoration, and a panel with an application menu, taskbar, and clock.

Read more

Huawei New MateBook D Series Laptop Lineup Comes With Multiple Configuration Choices Incl. Windows Or Linux OS, AMD or Intel And Discreet NVIDIA Graphics

Filed under
GNU
Linux
Microsoft

Huawei announced its latest line of MateBook laptops that feature a unique privacy-focused webcam design. The powerful, sleek and versatile portable computing devices come in multiple configurations. Interestingly, Huawei is also offering a choice between Windows and Linux operating systems. A while ago the company had apparently ditched Microsoft Windows 10 for Deepin OS completely, but the relaxation of the US-China trade war appears to have had an impact.

The latest Huawei MateBook D14 and D15 laptops are quite versatile in terms of hardware as well as software. Huawei is offering multiple configurations that allow buyers to choose either an Intel or AMD processor that can be paired with a discrete NVIDIA GPU. Interestingly, besides the hardware customization, the latest Huawei MateBook laptops could ship with either Windows 10 or a Linux OS installed on certain SKUs.

Read more

10 Reasons to Use Linux Mint in 2019

Filed under
GNU
Linux
Ubuntu

In the past, we have published articles listing the reasons to use a handful of Linux distros such as 10 Reasons to Use Arch Linux, 10 Reasons to Use Manjaro Linux, The 10 Best Reasons to Use Fedora Linux and today, we have a shift in our focus as this time around, our subject matter is Linux Mint.

Linux Mint is a community-driven Linux distribution with a major focus on making open-source goodies freely available and easily accessible in a modern, elegant, powerful, and convenient operating system. It is developed based on Ubuntu, uses dpkg package manager, and is available for x86-64 and arm64 architectures.

Linux Mint has been hailed by many as the better operating system to use when compared to its parent distro and has also managed to maintain its position on distrowatch as the OS with the 3rd most popular hits in the past 1 year.

Read more

Proprietary Software: Deaths, Rentals and Back Doors

Filed under
Software
  • Join us on our new journey, says Wunderlist – as it vanishes down the Microsoft plughole

    Three months after its former CEO pleaded with Microsoft to sell him back Wunderlist, the software giant has confirmed the worst: it really is killing the popular to-do app.

    On May 6, 2020, Microsoft will pull the plug on the app that it paid somewhere between $100m and $200m for in 2015. In its place, it is encouraging everyone to move to its To Do app, which is tightly integrated into the Microsoft ecosystem and, as a result, probably doesn’t work well with anything that isn’t Microsoft.

    Even after years of neglect, Wunderlist remains a very popular application for to-do tasks, in large part because it does that singular task extremely well, syncing across devices and allowing users to quickly and easily attach dates to tasks, as well as arrange them in different folders.

  • [Old] The economics of streaming is changing pop songs

    It helps to be included on a streaming company’s playlist. These account for roughly a third of all streams. Tracks are selected by opaque algorithms, but by analysing performance data you can work out what the bots like, says Chiara Belolo of Scorpio Music, a boutique label. Composers are adapting to what they think is being looked for. Hit songs are shorter. Intros have become truncated, says Mr Kalifowitz, “to get to the point a bit faster”.

    Choruses are starting sooner (see chart). Take this year’s most-streamed Spotify track. The first notes on “Señorita”, by Shawn Mendes, preview the refrain, which arrives 15 seconds in and is a fixture throughout the playing time of 3:10.

  • Apple, Facebook Clash With Senators Over Encryption, Backdoors

    In a Senate hearing on Tuesday, lawmakers on both sides of the aisle pushed the companies to let the police and other authorities access personal data that lies behind encryption on devices and technology platforms. Senators threatened to legislate if the private sector doesn’t offer solutions on its own.

  • The Senate Judiciary Committee Wants Everyone to Know It’s Concerned About Encryption

    This morning the Senate Judiciary Committee held a hearing on encryption and “lawful access.” That’s the fanciful idea that encryption providers can somehow allow law enforcement access to users’ encrypted data while otherwise preventing the “bad guys” from accessing this very same data.

    But the hearing was not inspired by some new engineering breakthrough that might make it possible for Apple or Facebook to build a secure law enforcement backdoor into their encrypted devices and messaging applications. Instead, it followed speeches, open letters, and other public pressure by law enforcement officials in the U.S. and elsewhere to prevent Facebook from encrypting its messaging applications, and more generally to portray encryption as a tool used in serious crimes, including child exploitation. Facebook has signaled it won’t bow to that pressure. And more than 100 organizations including EFF have called on these law enforcement officials to reverse course and avoid gutting one of the most powerful privacy and security tools available to users in an increasingly insecure world. 

Syndicate content

More in Tux Machines

Kernel: LWN Articles and Radeon Linux 5.6 Changes

  • Fixing SCHED_IDLE

    The scheduler implements many "scheduling classes", an extensible hierarchy of modules, and each class may further encapsulate "scheduling policies" that are handled by the scheduler core in a policy-independent way. The scheduling classes are described below in descending priority order; the Stop class has the highest priority, and Idle class has the lowest. The Stop scheduling class is a special class that is used internally by the kernel. It doesn't implement any scheduling policy and no user task ever gets scheduled with it. The Stop class is, instead, a mechanism to force a CPU to stop running everything else and perform a specific task. As this is the highest-priority class, it can preempt everything else and nothing ever preempts it. It is used by one CPU to stop another in order to run a specific function, so it is only available on SMP systems. The Stop class creates a single, per-CPU kernel thread (or kthread) named migration/N, where N is the CPU number. This class is used by the kernel for task migration, CPU hotplug, RCU, ftrace, clock events, and more. The Deadline scheduling class implements a single scheduling policy, SCHED_DEADLINE, and it handles the highest-priority user tasks in the system. It is used for tasks with hard deadlines, like video encoding and decoding. The task with the earliest deadline is served first under this policy. The policy of a task can be set to SCHED_DEADLINE using the sched_setattr() system call by passing three parameters: the run time, deadline, and period. To ensure deadline-scheduling guarantees, the kernel must prevent situations where the current set of SCHED_DEADLINE threads is not schedulable within the given constraints. The kernel thus performs an admittance test when setting or changing SCHED_DEADLINE policy and attributes. This admission test calculates whether the change can be successfully scheduled; if not, sched_setattr() fails with the error EBUSY. The POSIX realtime (or RT) scheduling class comes after the deadline class and is used for short, latency-sensitive tasks, like IRQ threads. This is a fixed-priority class that schedules higher-priority tasks before lower-priority tasks. It implements two scheduling policies: SCHED_FIFO and SCHED_RR. In SCHED_FIFO, a task runs until it relinquishes the CPU, either because it blocks for a resource or it has completed its execution. In SCHED_RR (round-robin), a task will run for the maximum time slice; if the task doesn't block before the end of its time slice, the scheduler will put it at the end of the round-robin queue of tasks with the same priority and select the next task to run. The priority of the tasks under the realtime policies range from 1 (low) to 99 (high).

  • Virtio without the "virt"

    One might ask why it makes sense to implement virtio devices in hardware. After all, they were originally designed for hypervisors and have been optimized for software rather than hardware implementation. Now that virtio support is widespread, the network effects allow hardware implementations to reuse the guest drivers and infrastructure. The virtio 1.1 specification defines ten device types, among them a network interface, SCSI host bus adapter, and console. Implementing a standards-compliant device interface lets hardware implementers focus on delivering the best device instead of designing a new device interface and writing guest drivers from scratch. Moreover, existing guests will work with the device out of the box, and applications utilizing user-space drivers, such as the DPDK packet processing toolkit, do not need to be relinked with new drivers — this is especially helpful when static linking is utilized. Implementing virtio in hardware also makes it easy to switch between hardware and software implementations. A software device can be substituted without changing guest drivers if the hardware device is acting up. Similarly, if the driver is acting up, it is possible to substitute a software device to make debugging the driver easier. It is possible to assign hardware devices to performance-critical guests while assigning software devices to the other guests; this decision can be changed in the future to balance resource needs. Finally, implementing virtio in hardware makes it possible to live-migrate virtual machines more easily. The destination host can have either software or hardware virtio devices.

  • 5.5 Merge window, part 1

    The 5.5 merge window got underway immediately after the release of the 5.4 kernel on November 24. The first week has been quite busy despite the US Thanksgiving holiday landing in the middle of it. Read on for a summary of what the first 6,300 changesets brought for the next major kernel release.

  • Radeon Linux 5.6 Changes Begin Queuing - Better Power Management, Adds DMCUB Controller

    While the Linux 5.5 merge window has just been over for less than one week, AMD has already submitted their first batch of feature updates to DRM-Next of new graphics driver material aiming for Linux 5.6 early next year.

Screencasts and Shows: Pisi Linux 2.1.2 Run Through, Linux Headlines, Going Linux, FLOSS Weekly and Selling Keynotes/Tweets at the Linux Foundation

GNOME at the Back End and GNOME Shell 3.35.2

  • Molly de Blanc: Keeping the (server) lights on

    Building and maintaining infrastructure for the GNOME project is one of the many activities of the GNOME Foundation, and it’s one of the most important. Building software like the GNOME desktop environment requires a lot of technical support, including managing servers and providing collaboration tools. Since GNOME is focused on being a self-sustaining community, we look as much as possible to managing our own services and software, and making sure it is free and open source. The GNOME Infrastructure Team currently supports a total of 34 virtual machines hosted on a total of eight bare metal nodes. These virtual machines allow us to run services like the Openshift Container Platform (OSCP), which provides self-service access to the community to run any of their workflows on an automated and containarized fashion. GNOME is build using self-hosted FOSS. We collaboratively build GNOME using a GitLab instance, which has a total of 15k accounts. We do shared storage using NextCloud. Community discussion is handled over Mailman, Discourse, and MoinMoin. We are currently using Indico and Connfa for our event planning and management.

  • GNOME Shell 3.35.2 Begins Launching Spawned Processes Within Systemd Scopes

    Out today is a new development release of GNOME Shell on the road to GNOME 3.36 in March. Among the changes in this new GNOME Shell snapshot include: - Spawned processes are now placed within systemd scopes in order to improve out-of-memory behavior for applications, an easy means of being able to kill other processes when the shell is restarted, and other use-cases. Systemd scopes allow managing of processes for organization and resource management purposes.

Security: Proprietary Software Holes and More

  • It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

    With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs. [...] Also of note is CVE-2019-1471, a critical hypervisor escape bug that would allow an attacker running on a guest VM to execute code on the host box. The bulk of this month's critical fixes were for a series of five remote code execution flaws in Git for Visual Studio. In each of the flaws, said to be caused by improper handling of command-line input, an attacker would launch the exploit by convincing the target to clone a malicious repo. The remaining critical patch is for CVE-2019-1468, a play on the tried-and-true font-parsing vulnerability. In the wild, an attacker would embed the poisoned font file in a webpage and attack any system that visits.

  • Exploring Legacy Unix Security Issues

    The operating system SGI IRIX 6.5.22 was declared end of life in 2003, so it has limited use as a production system. I decided I could relive the good old days by looking for new vulnerabilities on an old system in my spare time. It was also an excuse to write some C code, and refresh my memory. One of my favorite vulnerabilities is the Insecure Temporary File (CWE-377). This involves manipulating files created in /tmp in an insecure manner. A file is created in /tmp by a piece of software that doesn’t check if the file exists before creating it. Allowing a malicious local user to symlink that file to a critical system file and overwriting it with the contents of what is written to the file in /tmp. So I started looking under the /usr/sbin directory for binaries to target. I did a quick examination of binaries and scripts in using the find command to give myself a starting point.

  • Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

    The Breakpointing Bad team at the University of New Mexico recently reported a VPN vulnerability that affects Linux, MacOS, iOS, Android, and more. The vulnerability allows malicious actors to not only see your VPN IP address, but also identify sites you are visiting and inject data into connections. The team consists of William J. Tolley, Beau Kujath, and Jedidiah R. Crandall and the public was notified on December 4th, 2019. Designated [CVE-2019-14899], the vulnerability shook the VPN industry due to the breadth of affected systems. [CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections. To our knowledge, Private Internet Access is the first commercial VPN to release a new client that prevents this ongoing security vulnerability.

  • Chrome now warns you when your password has been stolen

    Google is rolling out Chrome version 79 today, and it includes a number of password protection improvements. The biggest addition is that Chrome will now warn you when your password has been stolen as part of a data breach. Google has been warning about reused passwords in a separate browser extension or in its password checkup tool, but the company is now baking this directly into Chrome to provide warnings as you log in to sites on the web.