In 1998, the movie Titanic was released, mobile phones were just a luxury, and pagers were still in use. This was also the year I got my first computer. I can remember the details as if it were yesterday: Pentium 133MHz and just 16MB of memory. Back in that time (while running nothing less than Windows 95), this was a good machine. I can still hear in my mind the old spinning hard drive noise when I powered that computer on, and see the Windows 95 flag. It never crossed my mind, though (especially as an 8-year-old kid), that I would dedicate every minute of my life to Linux and open source.
Being just a kid, I always asked my mom to buy me every issue of PC Magazine instead of candies. I never skipped a single issue, and all of those dusty old magazines are still there in Costa Rica. It was in these magazines that I discovered the essential technology that changed my life. An issue in the year 2000 talked extensively about Linux and the advantages of free and open-source software. That issue also included a review of one of the most popular Linux distributions back then: Corel Linux. Unfortunately, the disc was not included. Without internet at home, I was out of luck, but that issue still lit a spark within me.
Elementary OS is one of the most beautiful and clean-looking operating systems available for use in computers. It is fast, open and privacy-oriented. Elementary has its characteristic design philosophy and made aesthetic use of colours. Over the years, this free-to-use operating system has collected heavy praise by reviewers around the world – making it a strong replacement option for both Windows and Mac users.
The initial development of ElementaryOS started with building themes and applications for Ubuntu, which later inspired the developers to transform it into a full-fledged Linux distribution. The first release of the operating system was on 31 March 2011, and so far, it has been through continuous bugfix and major feature updates.
The Elementary OS took shape with the concept of making Linux easier for non-technical users. Instead of terminal-based codes, elementary provides a graphical user interface and settings menus to allow users to perform almost all day-to-day tasks without writing any code.
Last week the laptop I use for macOS development said that there is an XCode update available. I tried to install it but it said that there is not enough free space available to run the installer. So I deleted a bunch of files and tried again. Still the same complaint. Then I deleted some unused VM images. Those would free a few dozen gigabytes, so it should make things work. I even emptied the trash can to make sure nothing lingered around. But even this did not help, I still got the same complaint.
At this point it was time to get serious and launch the terminal. And, true enough, according to df the disk had only 8 gigabytes of free space even though I had just deleted over 40 gigabytes of files from it (using rm, not the GUI, so things really should have been gone). A lot of googling and poking later I discovered that all the deleted files had gone to "reserved space" on the file system. There was no way to access those files or delete them. According to documentation the operating system would delete those files "on demand as more space is needed". This was not very comforting because the system most definitely was not doing that and you'd think that Apple's own software would get this right.
After a ton more googling I managed to find a chat buried somewhere deep in Reddit which listed the magical indentation that purges reserved space. It consisted of running tmutil from the command line and giving it a bunch of command line arguments that did not seem to make sense or have any correlation to the thing that I wanted to do. But it did work and eventually I got XCode updated.
After my blood pressure dropped to healthier levels I got the strangest feeling of déjà vu. This felt exactly like using Linux in the early 2000s. Things break at random for reasons you can't understand and the only way to fix it is to find terminal commands from discussion forums, type them in and hope for the best. Then it hit me.
After opening preorders back in July 2019 for the new Pinebook Pro Linux laptop, creator and manufacturer PINE64 has this week started shipping out the new Lenox laptop to customers. Powered by a 64-Bit Dual-Core ARM 1.8GHz Cortex A72 and Quad-Core ARM 1.4GHz Cortex A53 supported by Quad-Core MALI T-860 graphics and 4 GB LPDDR4 Dual Channel System DRAM Memory the Linux laptop is available to purchase priced at $199. Check out the video below for a quick overview of what you can expect from the PINE64 Pinebook Pro Linux laptop.
On the road during the **All Things Open** conference, Klaatu talks about how to make ebooks from various sources, with custom CSS, using the Pandoc command.
Josh and Kurt about a number of Microsoft security news items. They've changed how they are handling encrypted disks and are now forcing cloud logins on Windows users.
Richard Stallman's GNU leadership is challenged by an influential group of maintainers, SUSE drops OpenStack "for the customer," and Google claims Stadia will be faster than a gaming PC.
Plus OpenLibra aims to save us from Facebook but already has a miss, lousy news for Telegram, and enormous changes for AMP.
Things continue to look fairly normal, with rc3 being larger than rc2, as people are starting to find more regressions, but 5.4 so far remains on the smaller side of recent releases.
The diffstat looks fairly flat too, although we had a couple of staging drivers being removed here that show up as spikes. Drivers in general account for about two thirds of the diff, and it's not just those staging drivers, it's other small noise all over the place: usb, drm, iio, rdma..
Outside of drivers, filesystems pop up more than perhaps usual, but it's again mostly low-grade noise all over: btrfs, cifs, nfs, ocfs, xfs and some core vfs fixes.
The rest is arch updates (mainly arm64, x86, mips), tooling (mostly perf tooling updates, but also some selftest fixlets), documentation, and misc core kernel and mm stuff.
There really isn't anything huge that stands out. You can scan the appended shortlog for a flavor of the details, it's not too long to just scroll through.
Linus
Linux Virtualization Manager can manage multiple on-premises hosts running Oracle Linux KVM. Oracle enhanced Linux KVM in the Unbreakable Enterprise Kernel (UEK) Release 5, an OS kernel tested and optimized for Oracle Linux 7 Update 5.
Because Linux KVM is the same hypervisor used for Oracle Cloud Infrastructure, admins have an easy migration path from the Linux Virtualization Manager environment to the Oracle Cloud platform. Linux Virtualization Manager also supports importing and exporting software appliances based on the Open Virtualization Format and Open Virtualization Archive standards.
Oracle based Linux Virtualization Manager on the oVirt project, an open source virtualization platform developed by Red Hat. Linux Virtualization Manager relies on the oVirt engine for discovering KVM hosts and configuring storage and network resources. The platform supports KVM administration for multinode environments, offering a large-scale, centralized management platform for server and desktop virtualization.
With devices beginning to hit store shelves using the new Intel WiFi 6 AX200 series chipsets, the firmware binaries have landed in linux-firmware.git for rounding out support for these latest WiFi/Bluetooth adapters.
For a few kernel releases now since earlier this year these new Intel wireless chipsets have been supported by the mainline kernel but the firmware hasn't been part of the de facto linux-firmware.git tree that houses the various firmware binaries for different hardware component support under Linux.
SHADERed is the open-source, cross-platform project for creating and testing HLSL/GLSL shaders. While a version number of 1.2.3 may not seem like a big update, some notable additions can be found within this new SHADERed release.
Succeeding Vulkan 1.1.124 one week later is now Vulkan 1.1.125 with a lone new extension.
Vulkan 1.1.125 has its usual clarifications and corrections to this graphics API specification. Meanwhile the new extension introduced in the overnight v1.1.125 release is VK_KHR_spirv_1_4.
Adobe Photoshop is a premium image editing and design tool available for Windows and macOS. Undoubtedly, almost everyone knows about it. It’s that popular. Well, you can use Photoshop on Linux using Windows in a virtual machine or by using Wine – but that is not an ideal experience.
In general, we don’t have a lot of options available as a replacement for Adobe Photoshop. However, in this article, we shall mention some of the best open-source Photoshop alternatives available for Linux (with cross-platform support as well).
Do note that Photoshop is not just a photo editor. It’s used by photographers, digital artists, professional editors for various usage. The alternative software here may not have all the features of Photoshop but you can use them for various task that you do in Photoshop.
The Command Line Interface (CLI) is a way of interacting with your computer. And if you ever want to harness all the power of Linux, it’s highly recommended to master it. It’s true the CLI is often perceived as a barrier for users migrating to Linux, particularly if they’re grown up using GUI software exclusively. While Linux rarely forces anyone to use the CLI, some tasks are better suited to this method of interaction, offering inducements like superior scripting opportunities, remote access, and being far more frugal with a computer’s resources.
For anyone spending time at the CLI, they’ll rely on the shell prompt. I always seem to gravitate back to Bash even though I’ve used more than a dozen shells over the years. By default, the configuration for Bash on popular distributions identifies the user name, hostname, and the current working directory. I recently reviewed Liquid Prompt, an intelligent and non-intrusive prompt for Bash and zsh.
starship is an alternative to Liquid Prompt. The software aims to show information you need while you’re working, yet being unobtrusive as possible.
The spooky season is almost here! This year, decorate your haunt with a unique Halloween lantern made with open source!
Typically, a portion of a lantern's structure is opaque to block the light from within. What makes a lantern a lantern are the parts that are missing: windows cut from the structure so that light can escape. While it's impractical for lighting, a lantern with windows in spooky shapes and lurking silhouettes can be atmospheric and a lot of fun to create.
This article demonstrates how to create your own lantern using Inkscape. If you don't have Inkscape, you can install it from your software repository on Linux or download it from the Inkscape website on MacOS and Windows.
Almost time to begin another week full of news, before we do let's run over a few interesting happenings recently.
Let's start with two bits of recent news about Godot Engine, the free and open source game engine. The 3.2 release cycle is going strong, with a second alpha release now available. A massive list of new features and improvements coming to Godot 3.2 can be found here. What's even more exciting though is the Vulkan work coming with Godot Engine 4.0, with another short progress report post up for it. The new visual frame profiler coming certainly looks useful to help developers squeeze out some more performance.
More AMD news for you, as it has been reported by Wccftech that AMD now command around 30%+ market share of the CPU market. That's some very impressive growth, pushed forward by the Zen microarchitecture from 2017. As seen in the graph below from cpubenchmark.net, this is the highest they've seen it since 2007.
British indie studio SFB Games, developer of the highly rated Detective Grimoire are working on a new game called Tangle Tower and with a little push they could bring it to Linux.
Tangle Tower is a fully voiced point and click murder mystery adventure, set in a strange and twisted mansion. You will need to interrogate suspects and solve unique puzzles as you progress. Looks and sounds like a great game. Sadly though it's currently scheduled to release later this month only for Windows and macOS on October 22nd, so no Linux support at launch.
Today I came across Lawgivers, a turn-based political simulation game which recently added Linux support and it looks like it could be a lot of fun.
Since it's a political sim, you will be tasked with leading your party into elections. If you manage to get voted in, you will be responsible for approving laws and shaping your country’s destiny.
After a short delay, you can now jump into Foreskin Fury and have a cock fight. Yes this is a very real game.
Made in Unreal Engine, the aptly named Stupid Industries said it started off as a joke and they ended up actually learning Blender and Unreal Engine to turn the joke into something a little more real. Here we are, Foreskin Fury was accepted onto Steam and it supports Linux.
The Fertile Crescent is an upcoming in-development indie RTS that feels like a retro Age of Empires and it's really quite good. A new update is out (and it's still free) fixing up the UI for different resolutions.
I think more of you need to try this one, it's a wonderful little RTS game that I honestly can't wait to see expand. Hopefully now more of you actually will be able to try it, as they've made it so the interface properly scales with your resolution. Previously, there were problems if you had anything other than 1080p. Not only that, most of the interface was actually redesigned and it gives you more information.
Sony recently upgraded the system software on the PlayStation 4 which broke compatibility with the open source Remote Play client Chiaki. The developer acted quickly and a new release is up.
This is the software we tested out recently and came away pretty impressed with it. Allowing you to stream games from a PlayStation 4 to a Linux desktop, seriously handy stuff since Sony don't support it on Linux officially.
Developer Twirlbound and publisher Kongregate have announced today that Pine is now available on PC, Mac, and Linux. In addition, a launch trailer has been released that shows off the beautiful and animated world of Albamare. The adventure simulation has players control Hue, a young explorer on a mission to find a new home for himself and his small tribe.
The launch trailer features combat, trading, exploration, archery, horseback riding, and dangerous creatures. Check it out below.
My name is Fabian Mosakowski and I’m an aspiring illustrator living in France. I’m currently working on my portfolio creating an illustrated fantasy tale called “If Only Blood Was Red”. It deals with what’s left of humans thriving to survive in a land that doesn’t welcome them.
Currently as a hobby artist. I made a few comissions for close relatives but I’d like to make it professional once my portfolio will be done.
Mainly fantasy as it’s the narrative thread of my project but I also mix it with dark art, another genre I really enjoy, to fit the story atmosphere. I also occasionnally work in vectorial or comic book style for lighter projects.
Archman is an Arch Linux-based distribution developed in Turkey. The project's website is available in both Turkish and English, which makes the distribution approachable to non-Turkish audiences. Archman has various releases with different desktop environments and release dates. In this review, I will be reviewing Archman's Xfce 2019-09 release, which is codenamed Lake With Fish.
To begin, I downloaded the 1.6GB ISO and copied it to a flash drive. I rebooted my computer, turned off Secure Boot, and started Archman from the flash drive. The boot process was quick, but I ended up at a graphical login screen instead of a working desktop environment. I pressed the Enter key and I logged in without needing a password.
The live desktop looked very nice. It is an interesting blend of classic and modern. The live desktop has icons for the user's home folder and Trash. There is also a shortcut for Hexchat and the Calamares Archman Installer. The panel at the bottom of the screen holds the application menu, shortcuts for showing the desktop/quickly minimizing all running applications, Firefox, the user's home folder, sections for the currently running applications, switching desktops, a clock, Bluetooth and wireless controls, a battery meter, update notifications, volume control, and a log out/reboot/shutdown shortcut. The panel is 70% the width of the screen and set to automatically hide.
I looked around the live desktop for a little while. I tested to make sure that everything was working okay with my hardware, and once I was certain that all my hardware worked, I moved on to installing Archman.
In this video, I am going to show an overview of Xubuntu 19.04 and some of the applications pre-installed.
In this video, we are looking at Manjaro 19.09.28 KDE-DEV.
The Gentoo distfile mirror network is essential in distributing sources to our users. It offloads upstream download locations, improves throughput and reliability, guarantees distfile persistency.
The current structure of distfile mirrors dates back to 2002. It might have worked well back when we mirrored around 2500 files but it proved not to scale well. Today, mirrors hold almost 70 000 files, and this number has been causing problems for mirror admins.
OpenStack chief operating officer Mark Collier told The Reg that while SUSE's decision to abandon its OpenStack Cloud product is "obviously disappointing", adoption is "strong and growing".
SUSE's decision that it will "cease production of new versions of SUSE OpenStack Cloud" and "discontinue sales of SUSE OpenStack Cloud" is significant, given that it had a seat on the OpenStack board as a Platinum member – one of only eight companies which commits to provide major funding and full-time resources to the OpenStack Foundation, the others being AT&T, Ericsson, Huawei, Intel, Rackspace, Red Hat and Tencent. SUSE will now "carefully transition our board position and sponsorship level" according to a statement sent to The Reg, though it promises continued involvement at some level.
It is tempting therefore to treat Collier's remarks to The Reg as damage limitation, but in this case he has a point. OpenStack, which is a set of projects that enables users to run private clouds, has a huge customer base and its market is growing by about 20 per cent a year, according to recent figures and projections. There is not much competition if you want to run an open-source private cloud, and there can be good reasons to do so.
The openSUSE.Asia Summit is one of the big events for the openSUSE community (i.e. both contributors and users) in Asia. Those who normally communicate online can meet from all over the world, talk in person and have fun. Members of the community share their current knowledge, experience and learn FLOSS technologies around openSUSE. The openSUSE.Asia Summit 2019 took place from October 5 to October 6, 2019 at the Information Technology Department, Faculty of Engineering, Udayana University, Bali.
Forking the Linux kernel and using it as the basis of an Enterprise product is a challenging task. The pace of development in the upstream Linux kernel makes it hard to keep up with all the fixes that need to be backported. This article describes the process we use at SUSE to find and backport potentially required upstream fixes to our kernels.
[...]
Every fix that is reported will be evaluated by a developer and either backported to the kernel branches that need it or blacklisted, so that the fix is no longer considered. But who is the best person (or group) to report a fix to? The answer is easy if the fix is for a patch that was backported by someone within SUSE as part of a service pack development cycle. In that case the person who backported the patch is tasked with reviewing the associated fix. The same happens with upstream fixes that are authored or committed by a SUSE employee. Assigning fixes for patches that are part of the base-kernel is a bit more complicated. To that end we have introduced a maintainer model with an internal list of experts for most parts of the Linux kernel. The approach is similar to the MAINTAINERS file in the upstream Linux kernel, but the file at SUSE is simpler. It only contains a list of people and several path-specs per entry. Each potential fix for the base-kernel is matched against the path-specs in the maintainers list and assigned to the best matching entry. The fix is reported to the developers listed in the matching entry. But not all fixes could be assigned that way because the SUSE maintainers list does not cover the whole kernel source tree. For the remaining fixes a heuristic is used. It is based on which source code files in the kernel source tree are touched by the backports of each developer. This is matched against the file(s) a fix touches.
Linux as an operating system platform as well as other Open Source technologies as core elements are used in SAP infrastructures. This is applicable for Cloud as well as on-premises deployment. Thus, they are equipped for the Hybrid Multicloud age. Open Source arrived in the SAP world a long time ago. The Walldorf-based software company contributed to this development when it made the decision to only use the Linux operating system platform along with SAP Hana and Hana-based application solutions such as S/4.
And the trend towards Linux with NetWeaver-based infrastructures with AnyDB has already provided the impetus for the deep penetration of Linux. The Hana figures quoted by SAP recently (during this year’s Sapphire conference) speak to this significance. The company now has 50,000 Hana licenses. In addition to Linux, other Open Source solutions are used in SAP environments in conjunction with Data Science and the use of Kubernetes. Kubernetes is used for the orchestration of containers as part of SAP Data Hub environments.
There was a recent update in my repository of LibreOffice packages, but that libreoffice-6.3.2 was just for slackware-current.
There’s a recent release in the LibreOffice 6.2 stable series as well (ok… five weeks ago, not that recent…), and so I decided to use my build box’s free weekend to come up with packages for LibreOffice 6.2.7. This release has a security improvement over previous versions, in that it will popup a warning to the user if a document tries to run an embedded script (similar to existing warning mechanism for embedded macros).
You can now download the latest Tails release candidate that not only comes with increased privacy but also Linux 5.3 and Tor Browser 9.
Before delving into the news, let’s have a bit of an introduction to Tails, shall we? It sells itself as a live incognito system that focuses on user anonymity and privacy. With Tails, you will be able to browse the Internet without leaving traces, get access to censored content, and have all your messages, files, and emails encrypted.
bpfcc version 0.11.0 has been uploaded to Debian Unstable and should be accessible in the repositories by now. After the 0.8.0 release, this has been the next one uploaded to Debian.
Back during the good days of DebConf19, I finally got a chance to meet Holger! As amazing and inspiring a person he is, it was an absolute pleasure meeting him and also, I got a chance to talk about Debian LTS in more detail.
[...]
I had almost no idea what to do next, so the next month I stayed silent, observing the workflow as people kept committing and announcing updates. And finally in September, I started triaging and fixing the CVEs for Jessie and Stretch (mostly the former). Thanks to Abhijith who explained the basics of what DLA is and how do we go about fixing bugs and then announcing them. With that, I could fix a couple of CVEs and thanks to Holger (again) for reviewing and sponsoring the uploads! :D
News from the new Ubuntu distribution, the exploration of the several platforms and many “how to”, rule the 4-days agenda where the open source and open technologies are in the air.
The Olga Cadaval Cultural centre in Sintra, is the main stage of a busy agenda filled with several talks and more technical sessions, but at Ubucon Europe there’s also room for networking and cultural visits, a curious fusion between spaces full of history, like the Pena Palace or the Quinta da Regaleira, and one of the youngest “players” in the world of software.
For 4 days, the international Ubuntu Community gathers in Sintra for an event open to everyone, where the open source principles and open technology are dominating. The Ubucon Europe Conference begun Thursday, October 10th, and extends until Sunday, October 13th, keeping an open doors policy to everyone who wants to
Afterall, what is the importance of Ubucon? The number of participants, which should be around 150, doesn’t tell the whole story of what you can learn during these days, as the SAPO TEK had the opportunity to check this morning.
Organised by the Ubuntu Portugal Community, with the National Association for Open Software, the Ubuntu Europe Federation and the Sintra Municipality, the conference brings to Portugal some of the biggest open source specialists and shows that Ubuntu is indeed alive, even if not yet known by most people, and still far from the “world domain” aspired by some.
Win Enterprises unveiled a fanless “PL-82000” networking gateway with 6x GbE and 2x SFP ports based on an Atom C3000. It also launched a Raspberry Pi sized “MB-5000” SBC that runs Ubuntu or Win 10 on Intel Apollo Lake.
We tend to forget Win Enterprises because as its name suggests, the company typically sticks to Windows-supported products. Yet, they have increasingly produced barebones products without listed OS support, such as the new PL-82000 networking appliance, as well as Linux supported systems such as the MB-5000 SBC announced back in June. (In 2017, we covered an Intel Bay Trail based MB-80580 SBC and Win IoT-380 Gateway with Linux support.)
Android OS runs on a variety of devices, both phones and tablets. At any given time, there will be several different versions of the OS running on a myriad of devices. What complicates things even more is that not all these devices run the same Android. Many device manufacturers e.g. Samsung, will modify Android OS to give users of their devices a custom experience. The Android OS you use on, for example, a Xiaomi device will be very different from what you get on a Samsung phone, a Pixel phone, or a Nokia phone.
With so much variation in devices and the OS itself, it makes it difficult to back up the data on an Android phone. Unlike iOS, there’s no official app that lets you reliably back up and restore any Android phone. Google’s cloud backups are time consuming, especially if you have lots of apps and photos. That’s why you’ll find there’s a large market for apps that fill this gap.
During the dot-com bubble in the 1990s, one common software stack for web applications was LAMP, which originally stood for Linux (OS), Apache (web server), MySQL (relational database), and PHP (server programming language). MySQL was the preferred database mostly because it was free open source and had good read performance, which fit well with “Web 2.0” apps that dynamically generated sites from the database.
Later the MEAN stack, which stood for MongoDB (document database), Express (web server), AngularJS (front-end framework), and Node.js (back-end JavaScript runtime), came to prominence. The MEAN stack was attractive, among other reasons, because the only language you needed to know was JavaScript. It also needed less RAM than an equivalent LAMP stack.
Fast, Simple and Effective Business Management- this is the motto of Odoo, the leading open source ERP of the globe. And this is what makes Odoo the prominent and most favorite choice among business enterprises. With the release of Odoo 13, the open-source ERP has become all more fit and robust to meet the diversified needs of businesses. With Odoo 13 users can go along with better designs and customizations. With each version release, Odoo makes it a point to bring in major and minor improvements in the application, alongside a set of new features for improving the user interface and functionality of the user. The users worth 3.4 million is the evidence of Odoo being the finest application for business management.
The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as a tool for learners (regardless of age) to practice and model the essential parts of being a good digital citizen.
[...]
Digital Citizenship is for all age groups. Anyone who uses the internet on a computer, mobile device or a TV is a digital citizen. You don’t have to be tech-savvy already, maybe you are taking your first steps with technology. Digital Citizenship Week is a chance to reflect together on our impact on the digital world. It can help us to make our consumption more considered and our interaction friendlier. It enables us to make a positive difference to those around us.
All of us can strive (or learn) to become better digital citizens. It can be affected by the access those teaching have had to digital skills and good practice. Adult education classes and community tech hubs play a part in basic tech skill development. Unfortunately, these are not always accessible to those in less populated geographic locations.
Open source communities like WordPress already make a difference in encouraging the principles of digital citizenship, from sharing tech skills to improving security knowledge. They give people an opportunity to learn alongside their peers and many of the resources are available regardless of location, resources, or skills.
Similar thing happened to Stallman. Actually in an ironic way. This community is created by Stallman only. By 1980s beginning software sharing community was ceased to exist. Then 1983 Stallman himself gave birth to a new community with all legal protection. Because before there were no legal framework for sharing software. Stallman used copyleft idea and GPL to create such a community. There were no help and there were no support. Last 35 years he worked for that.
Now some new bosses think that he dont look good. He is boring, repeating same thing all these 35 years. Lets get rid off him. You idiots, actually this is his house. You people piggybacked there.
Still you can have a say if Stallman did anything wrong about free software. But there is nothing he did wrong. Still again I may support you if you with some guts initiate a trial against him on your own behalf. But you did nothing. Instead what you a shameless creature did? Hiding bind an upset woman reacting to smear campaign and lies. This is unacceptable and unethical.
In the last few years I have come across the CLA topic several times. It is and will be a popular topic in automotive the coming years, like in any industry that moves from being an Open Source Producer towards becoming an Open Source Contributor.
In my experience, many organizations take the CLA as a given by looking at the google, microsoft or intels of the world and replicate their model. But more and more organizations are learning about alternatives, even if they do not adopt them.
What I find interesting about discussing the alternatives is that it brings to the discussion the contributor perspective and not just the company one. This enrichs the debate and, in some cases, leads to a more balanced framework between any organization behind a project and the contriibutor base, which benefits both.
Throughout these years I have read a lot about it but I have never written anything. It is one of those topics I do not feel comfortable enough to write about in public probably because I know lots of people more qualified than I am to do so. What I can do is to provide some articles and links that I like or that have been recommended to me in the past.
Recently, Tomasz Mloduchowski posted a popular article on his blog detailing the steps he undertook to get access to the hidden PCIe interface of Raspberry Pi 4: the first Raspberry Pi to include PCIe in its design. After seeing his post, and realizing I was meaning to go buy a Raspberry Pi 4, it just seemed natural to try and replicate his results in the hope of taking it a bit further. I am known for Raspberry Pi Butchery, after all.
Why did I do it? Because I wanted to see if it can be done. Because Raspberry Pi 4 might be the cheapest device that is PCIe capable after a relatively minor modification (if I didn't lift the capacitors when desoldering the VL805, this is literally 12 soldering points). That, in turn, can be quite handy for developing own PCIe cores for various FPGA based experiments.
I'm sharing it to allow people to learn from this - and to dispel the myth that PCIe is somehow out of reach of hobbyists due to some concerns over signal integrity or complexities. Stay tuned for more Pi4/PCIe experimentation!
In this post, we are going to learn how to read SAS (.sas7dbat) files in Python.
As previously described (in the read .sav files in Python post) Python is a general-purpose language that also can be used for doing data analysis and data visualization.
A few nights ago I wrote daudin, a command-line shell based on Python. It allows you to easily mix UNIX and Python on the command line.
This tutorial describes various ways to convert Python string to int and from an integer to string. You may often need to perform such operations in day to day programming. Hence, you should know them to write better programs.
Also, an integer can be represented in different bases, so we’ll explain that too in this post. And there happen to be scenarios where conversion fails. Hence, you should consider such cases as well and can find a full reference given here with examples.
It was recently discovered that several thousand scientific articles could be invalid in their conclusions because scientists did not understand that Python’s glob.glob() does not return sorted results.
This is being reported on by Vice, Slashdot and there’s an interesting discussion going on over on Reddit as well.
This week we welcome Elana Hashman (@ehashdn) as our PyDev of the Week! Elana is a director of the Open Source Initiative and a fellow of the Python Software Foundation. She is also the Clojure Packaging Team lead and a Java Packaging Team member. You can see some of her work over on Github. You can also learn more about Elana on her website. Let’s take a few moments to get to know her better!
Eclipse Che 7, an open source in-the-browser development environment, allows you to define custom workspaces for your software development. Think of a workspace as you would think of a development PC: You have an operating system, programming language support, and all the tools necessary to write code. In this article, I’ll introduce the .NET developer to this new world and highlight ways you can use Eclipse Che to your advantage.
Some times you may require to convert any string to lower case (all letters). This tutorial will help to convert a string (any case) to lower case as showing in the below image.
I manage releases for a bunch of free & open-source software. Just about every time I ship a release, I find a novel way to fuck it up. Enough of these fuck-ups have accumulated now that I wanted to share some of my mistakes and how I (try to) prevent them from happening twice.
Django 3.0 beta 1 is now available. It represents the second stage in the 3.0 release cycle and is an opportunity for you to try out the changes coming in Django 3.0.
Django 3.0 has a raft of new features which you can read about in the in-development 3.0 release notes.
Only bugs in new features and regressions from earlier versions of Django will be fixed between now and 3.0 final (also, translations will be updated following the "string freeze" when the release candidate is issued). The current release schedule calls for a release candidate in a month from now with the final release to follow about two weeks after that around December 2. Early and often testing from the community will help minimize the number of bugs in the release. Updates on the release schedule schedule are available on the django-developers mailing list.
Two years after the "Stack Clash" vulnerability came to light, the LLVM compiler is working on adding protection against it similar to the GCC compiler mitigation.
The Stack Clash vulnerability pertains to clashing/smashing another program's stack while circumventing existing stack protections at the time. Stack Clash opens up the door to memory corruption and arbitrary code execution. Linux x86/x86_64 wasn't the only one affected but also the BSDs and Solaris. Those unfamiliar with it or wanting to refresh your memory of it can do so via this Qualys blog post with the firm having discovered this vulnerability.
Please note that there's an official pocl maintenance policy in place. This text describes the policy and how you can get your favourite project that uses OpenCL to remain regression free in the future pocl releases.
Version 1.4 has been released of POCL, the "Portable Computing Language" implementation that allows for a portable OpenCL implementation to be executed on CPUs as well as optionally targeting other accelerators via HSA or even CUDA devices.
POCL 1.4 brings support for LLVM Clang 9.0, with that open-source compiler stack doing a lot of POCL's heavy lifting. Support meanwhile for pre-6.0 LLVM releases were removed. POCL 1.4 also adds support for building relocatable POCL binaries and improves SPIR/SPIR-V support for CPU devices.
Not every programmer likes creating GUI code. Most hacker types don’t mind a command line interface, but very few ordinary users appreciate them. However, if you write command line programs in Python, Gooey can help. By leveraging some Python features and a common Python idiom, you can convert a command line program into a GUI with very little effort.
The idea is pretty simple. Nearly all command line Python programs use argparse to simplify picking options and arguments off the command line as well as providing some help. The Gooey decorator picks up all your options and arguments and creates a GUI for it. You can make it more complicated if you want to change specific things, but if you are happy with the defaults, there’s not much else to it.
At first, this article might seem like a Python Fu and not a Linux Fu, since — at first — we are going to focus on Python. But just stand by and you’ll see how this can do a lot of things on many operating systems, including Linux.
Python 3.8.0 is the newest major release of the Python programming language, and it contains many new features and optimizations.
The newest version of Python is released today! Python 3.8 has been available in beta versions since the summer, but on October 14th, 2019 the first official version is ready. Now, we can all start playing with the new features and benefit from the latest improvements.
What does Python 3.8 bring to the table? The documentation gives a good overview of the new features. However, this article will go more in depth on some of the biggest changes, and show you how you can take advantage of Python 3.8.
For the first time, people who are deaf or hard of hearing will be able to enjoy the Nairobi leg of the€ Human Rights Watch Film Festival, opening on October 15.
Nowadays, business networks often use a VPN (virtual private network) for secure communications with workers. However, the protocols used can sometimes make performance slow. If you can reach reach a host on the remote network with SSH, you could set up port forwarding. But this can be painful, especially if you need to work with many hosts on that network. Enter sshuttle — which lets you set up a quick and dirty VPN with just SSH access. Read on for more information on how to use it.
The sshuttle application was designed for exactly the kind of scenario described above. The only requirement on the remote side is that the host must have Python available. This is because sshuttle constructs and runs some Python source code to help transmit data.
[...]
Depending on the capabilities of your system and the remote system, you can use sshuttle for an IPv6 based VPN. You can also set up configuration files and integrate it with your system startup if desired. If you want to read even more about sshuttle and how it works, check out the official documentation.
Firefox not only renders web pages on the internet but also ships with a variety of built-in pages, commonly referred to as about:pages. Such about: pages provide an interface to reveal internal state of the browser. Most prominently, about:config, which exposes an API to inspect and update preferences and settings which allows Firefox users to tailor their Firefox instance to their specific needs.
Since such about: pages are also implemented using HTML and JavaScript they are subject to the same security model as regular web pages and therefore not immune against code injection attacks. More figuratively, if an attacker manages to inject code into such an about: page, it potentially allows an attacker to execute the injected script code in the security context of the browser itself, hence allowing the attacker to perform arbitrary actions on the behalf of the user.
To better protect our users and to add an additional layer of security to Firefox, we rewrote all inline event handlers and moved all inline JavaScript code to packaged files for all 45 about: pages. This allowed us to apply a strong Content Security Policy (CSP) such as ‘default-src chrome:’ which ensures that injected JavaScript code does not execute. Instead JavaScript code only executes when loaded from a packaged resource using the internal chrome: protocol. Not allowing any inline script in any of the about: pages limits the attack surface of arbitrary code execution and hence provides a strong first line of defense against code injection attacks.
Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 136 - the latest official release of IPFire.
This update includes security fixes for OpenSSL and the Linux kernel, an updated Perl, and of course many other fixes throughout the whole system.
Great news, everyone! Forrester Research says that 95% of all recorded breaches in 2016 came from only three industries: government, technology, and retail. Everyone else is safe... ish, right?
Hold on for a moment. Tech? Retail? What kind of industry diversification is this? We are, after all, living in 2019, where every business is a tech business. And all of us are continuously selling something, whether it’s an innovative product or an amazing service.
So what the report should have said is that 95% of all recorded breaches came from attacks on 95% of all businesses both online and offline. And some of the attackers went for the .gov.
More on the matter, 43% of attackers target small businesses—and that’s a lot considering that, on average, a hack attempt takes place every 39 seconds.
To top things off, the average cost of a data breach in 2020 is expected to exceed $150 million. These stats sound a bit more terrifying out of context, but the threat is still very much real. Ouch.
According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
If a parser accepts unsanitized XML, we can take advantage of that and send our own crafted external XML payload to exploit our target. This post won’t be long so let’s get into it.
Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).
The United States appears to be heading toward a full military withdrawal from Syria amid growing chaos, cries of betrayal and signs that Turkey’s invasion could fuel a broader war.
Gen. John Allen, the former commander of American forces in Afghanistan and former special presidential envoy for the Global Coalition to Counter ISIS under the Obama administration, told CNN the unfolding crisis in Syria was "completely foreseeable" and "the US greenlighted it."
"There was no chance (Turkish President Recep Tayyip Erdogan) Erdogan would keep his promise, and full blown ethnic cleansing is underway by Turkish supported militias," he said. "This is what happens when Trump follows his instincts and because of his alignment with autocrats."
The Turkish offensive and US withdrawal has drawn an international outcry, as the SDF were the main Western allies in the battle against IS in Syria.
But Turkey views elements of the Kurdish groups within the force as terrorists and says it wants to drive them away from a "safe zone" reaching 30km into Syria.
It also plans to resettle more than three million Syrian refugees currently in Turkey within the zone. Many of them are not Kurds. Critics have warned this could lead to ethnic cleansing of the local Kurdish population.
Former deputy prime minister Barnaby Joyce has joined calls for the Morrison government to try to halt Julian Assange's potential extradition from Britain to the United States on espionage charges, as the WikiLeaks founder's supporters intensify their campaign to bring him to Australia.
Mr Joyce joined former foreign minister Bob Carr in voicing concerns over US attempts to have the 48-year-old Australian stand trial in America, where he faces a sentence of 175 years if found guilty of computer fraud and obtaining and disclosing national defence information.
[...]
Mr Joyce, a former National Party leader and now a government backbencher, said his support for Assange should not be "taken as a character reference about him".
"I support the proper process of Australian law as applied to our citizens in our land in respect of our laws; it is the essence of sovereignty," Mr Joyce told The Age and The Sydney Morning Herald.
When the nation’s largest utility warned customers that it would cut power to nearly 2 million people across Northern California, many rushed out to buy portable generators, knowing the investment could help sustain them during blackouts.
Presidential hopeful Sen. Elizabeth Warren this week targeted Facebook’s advertising policy—which allows politicians to circulate lies—with an ad of her own, which falsely claims that the company’s CEO Mark Zuckerberg endorsed President Donald Trump for re-election.
NEW YORK—Facing intense scrutiny from President Donald Trump and his Republican allies, Hunter Biden announced on Sunday that he will step down from the board of directors of a Chinese-backed private equity firm at the end of the month as part of a pledge not to work on behalf of any foreign-owned companies should his father win the presidency.
Uganda is once again targeting media outlets it believes to be critical of the government.
This system will apply to foreign owned companies in China on the same basis as to all Chinese persons, entities or individuals. No information contained on any server located within China will be exempted from this full coverage program. No communication from or to China will be exempted. There will be no secrets. No VPNs. No private or encrypted messages. No anonymous online accounts. No trade secrets. No confidential data. Any and all data will be available and open to the Chinese government. Since the Chinese government is the shareholder in all SOEs and is now exercising de facto control over China’s major private companies as well, all of this information will then be available to those SOEs and Chinese companies. See e.g. China to place government officials inside 100 private companies, including Alibaba. All this information will be available to the Chinese military and military research institutes. The Chinese are being very clear that this is their plan.
Apple admits that it sends some user IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings which can be accessed on an iOS device by opening the Settings app and then selecting “Safari > About Privacy & Security.” Under the title “Fraudulent Website Warning,” Apple says: [...]
These are in chronological order, starting with the earliest. So the whole thing should read like a nice, long privacy vortex timeline.
Two French journalists were also injured during the attack. The nationality of the slain journalist has not yet been confirmed.
The global #MeToo movement has sparked significant social, cultural, and legal change, but many challenges remain, Human Rights Watch said, on the eve of the second anniversary of the #MeToo hashtag going viral on social media.
Atatiana Koquice Jefferson, 28, was killed around 2:30 a.m. Saturday after a neighbor called dispatchers to report the woman's front door was open, police said.
James Smith, Jefferson's neighbor, told the Fort Worth Star-Telegram he called a non-emergency police number when he saw her doors open and lights on in the early morning hours. Officers arrived and parked near but not in front of the residence, police spokesman Lt. Brandon O'Neil said Sunday at a news conference.
The officers were searching the perimeter of the woman's home when they saw a person standing inside near a window and one of them opened fire, killing her, police said.
Right-wing terror is a feature of daily life in present-day America. Ostensibly spontaneous violence incubates in the same ideological ecosystem as organized reactionary political associations.