Android, developed on Linux, is the biggest mobile operating system by far, used by 85 percent of users. Given its credentials as an extremely popular open-source and free operating system, Linux could provide the most powerful opportunity to build a bridge between blockchain and the real world.
Although it’s not widely used as a desktop operating system, Linux has been released for more hardware platforms than any OS in history. The chances are you’re already using it in some format, as Linux is embedded into hardware such as TVs, game consoles, routers, smartwatches, and more.
This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service).
Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.
Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless.
Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes.
Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.
The rumors of Docker not doing too well in the business seem true. Mirantis announced that it has acquired the Docker Enterprise platform business. Even though we don’t know the price of the acquisition, there are still a lot of details to take a look at.
[...]
The acquisition of Docker’s Enterprise business includes the products, technology, IP, customer and partner relationships, and also the former employees of Docker Enterprise without affecting the customer service.
Further, the Docker technology includes Docker Enterprise Engine, Docker Trusted Registry, Docker Unified Control Plane, Docker CLI.
Most web apps need login information of some kind, and it is a bad idea to put them in your source code where it gets saved to a git repository that everyone can see. Usually these are handled by environment variables, but Docker has come up with what they call Docker secrets. The idea is deceptively simple in retrospect. While you figure it out it is arcane and difficult to parse what is going on.
Essentially, the secrets function creates in-memory files in the Docker image that contain the secret data. The data can come from files, or a Docker swarm.
The first thing to know is that the application running in the Docker image needs to be written to take advantage of the Docker secrets function. Instead of getting the password from an environment variable, it would get the password from the file system at /run/secrets/secretname. Not all images available use this functionality. If they don't describe how to use Docker secrets, they won't work. The files will be created in the image, but the application won't read them.
Today Red Hat is introducing the open sourcing of Project Quay, the upstream project representing the code that powers Red Hat Quay and Quay.io. Newly open sourced, as per Red Hat’s open source commitment, Project Quay represents the culmination of years of work around the Quay container registry since 2013 by CoreOS, and now Red Hat.
Quay was the first private hosted registry on the market, having been launched in late 2013. It grew in users and interest with its focus on developer experience and highly responsive support, and capabilities such as image rollback and zero-downtime garbage collection. Quay was acquired in 2014 by CoreOS to bolster its mission to secure the internet through automated operations, and shortly after the CoreOS acquisition, the on-premise offering of Quay was released. This product is now known as Red Hat Quay.
The United States Department of Defense (DoD) partnered with Red Hat to help improve aircraft and pilot scheduling for United States Marine Corps (USMC), United States Navy (USN) and United States Air Force (USAF) aircrews.
Red Hat has a strong moat in the Unix operating system space. It is bringing innovation to the market by leveraging Linux, containers, and Kubernetes. And it is standardizing on the Red Hat OpenShift platform and bringing it together with IBM’s enterprise. This will position IBM to lead in the hybrid cloud market.
OpenShift Container Platform 4 comes with a Prometheus monitoring stack preconfigured. This stack is in charge of getting cluster metrics to ensure everything is working seamlessly, so cool, isn’t it?
But what happens if we have more than one OpenShift cluster and we want to consume those metrics from a single tool? Let me introduce you to Thanos.
In the words of its creators, Thanos is a set of components that can be composed into a highly available metrics system with unlimited storage capacity, which can be added seamlessly on top of existing Prometheus deployments.
In the previous post we covered the details of a vDPA related proof-of-concept (PoC) showing how Containerized Network Functions (CNFs) could be accelerated using a combination of vDPA interfaces and DPDK libraries. This was accomplished by using the Multus CNI plugin adding vDPA as secondary interfaces to kubernetes containers.
We now turn our attention from NFV and accelerating CNFs to the general topic of accelerating containerized applications over different types of clouds. Similar to the previous PoC our focus remains on providing accelerated L2 interfaces to containers leveraging kubernetes to orchestrate the overall solution. We also continue using DPDK libraries to consume the packet efficiently within the application.
In a nutshell, the goal of the second PoC is to have a single container image with a secondary accelerated interface that can run over multiple clouds without changes in the container image. This implies that the image will be certified only once decoupled from the cloud it’s running on.
As will be explained, in some cases we can provide wirespeed/wirelatency performance (vDPA and full virtio HW offloading) and in other cases reduced performance if translations are needed such as AWS and connecting to its Elastic Network Adapter (ENA) interface. Still, as will be seen it’s the same image running on all clouds.
I held a Fedora Birds-of-a-Feather (BoF) session at Ohio LinuxFest in Columbus, Ohio on November 1. Ohio LinuxFest is a regional conference for free and open source software professionals and enthusiasts. Since it’s just a few hours drive from my house, it seemed like an obvious event for me to attend. We had a great turnout and a lively conversation over the course of an hour.
The session started a little slowly as many people were still in the keynote. But a few minutes later, the room was nearly full. I didn’t take a count, but at the peak, we probably had about two dozen attendees. Some were existing Fedora users and some were there to learn more about Fedora.
I didn’t plan any particular content, since I wanted to let the group drive the discussion based on what was interesting to them. We ended up talking about documentation a fair amount. Two of the attendees created a FAS account that weekend so they can start contributing to the docs! Several more claimed the OLF BoF badge, and I sent them all a follow-up email directing them to the Join SIG’s Welcome page.
In addition to docs, we talked about the general Fedora release process—how we determine our schedule and how we decide when to release. I brought some USB sticks with Fedora 31 Workstation for people to try. And of course I had stickers, pens, and pins to give away.
Getting Java applications to run well in a cloud-native environment hasn't always been easy, but that could soon change thanks to the open-source Quarkus framework.
Open Liberty is a lightweight, production-ready Java runtime for containerizing and deploying microservices to the cloud, and is now available as part of a Red Hat Runtimes subscription. If you are a Red Hat Runtimes subscriber, you can write your Eclipse MicroProfile and Jakarta EE apps on Open Liberty and then run them in containers on Red Hat OpenShift, with commercial support from Red Hat and IBM.
Developing distributed applications is complicated. You can wait to monitor for performance issues once you launch the application on your test or staging servers, or in production if you’re feeling lucky, but why not track performance as you develop? This allows you to identify improvement opportunities before rolling out changes to a test or production environment. This article demonstrates how two tools can work together to integrate performance monitoring into your development environment: Eclipse Che and Jaeger.
Issues of inclusivity also make workplaces challenging for underrepresented developers. Women are 45% more likely to leave their jobs in the first year than men. While some point to factors outside the workplace to account for this, we know that women tend to leave their roles because of feelings of isolation and poor sponsorship. This exacerbates the $16 billion-a-year problem the tech industry faces in hiring and retraining costs.
I started contributing to Kubernetes (K8s) in October 2018, when I was working on the Product Security Incident Response Team at IBM. I was drawn to distributed systems, but I couldn't work with them in my day job, so my mentor, Lin Sun, suggested I contribute to open source distributed systems in my spare time. I became interested in K8s and have never looked back!
Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.
It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.
We talk about the best ways to get involved in open source communities, finding like-minded people, conference strategies, community hubs, and what happened to all the LUGs.
Migrating drives and zpool between hosts, OpenBSD in 2019, Dragonfly’s new zlib and dhcpcd, Batch renaming images and resolution with awk, a rant on the X11 ICCCM selection system, hammer 2 emergency space mode, and more.
car woes, pi hole, laptops and desktops, games
sentio desktop, osmo, ubuntu to the rescue
Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader).
He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users.
Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.
Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works.
Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.
The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review.
This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.
The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be.
The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.
Merged to the mainline Linux kernel last week was a driver providing VirtualBox guest shared folder support with the driver up to now being out-of-tree but important for sharing files between the host and guest VM(s). While the driver was part of Linux 5.4-rc7, Linus Torvalds decided to delete this driver on Tuesday.
The VirtualBox Shared Folder (VBOXSF) driver will not be part of the mainline Linux 5.4 kernel. Linus was unhappy that it didn't have the necessary sign-offs plus that it's coming late in the cycle and not appearing to meet quality expectations.
Another Intel change being sent off for Linux 5.4 and to be back-ported to current stable series is disabling of HPET for Coffee Lake systems.
Due to bug reports going back at least a half-year and workarounds not panning out, kernel developers have decided to blacklist the High Precision Event Timer (HPET) on Coffee Lake systems.
Some Coffee Lake systems have a skewed HPET timer when entering the PC10 power state and that in turn marks the time stamp counter (TSC) as unstable.
The Adreno 640 GPU that is used by Qualcomm's Snapdragon 855/855+ SoCs is now working with the open-source Freedreno Gallium3D OpenGL and "TURNIP" Vulkan drivers with the newest Mesa 20.0 development code.
Besides the forthcoming Adreno 680/685 GPUs for Snapdragon-powered Windows laptops, the Adreno 640 is at the top of the Adreno 600 series line-up. The Adreno 640 is 7nm based and has more ALUs than the Adreno 630 and older, an 899~1037 GFLOPS rating, and other improvements.
A change to look forward to with Mesa 20.0 due out next quarter is Vulkan timeline semaphore support (VK_KHR_timeline_semaphore) for Intel's "ANV" open-source driver.
Vulkan timeline semaphore support is the latest synchronization model for the Vulkan graphics API and building upon earlier primitives. The Vulkan Timeline Semaphore extends VkSemaphore and supports signal/wait from host threads, better platform support, a monotonically increasing counter that can be used for more descriptive purposes, and other design improvements.
The Khronos Group has been expanding into a lot of new areas in recent times from OpenXR to 3D Commerce to NNEF and now forming an exploratory group for creating an analytic rendering API.
The Khronos Analytic Rendering API would be an industry standard API around data visualizations. This API would be a step above graphics APIs like Vulkan and be catered to data presentation purposes. The API has yet to be formalized as it's still in the early stages but would likely be akin to a vendor-neutral equivalent of NVIDIA VisRTX or Intel OSPray.
AMD on Tuesday released their Radeon Pro Software for Enterprise 19.Q4 for Linux package as their newest quarterly driver release intended for their professional graphics card offerings.
Radeon Pro Software for Enterprise 19.Q4 for Linux is arriving as scheduled and continues to provide both the AMDGPU-PRO and AMDGPU-Open driver stacks depending upon your preferences.
Hi list,
I'd like to announce mesa-19.2.4, which is available immediately. This is an emergency release, to fix a critical bug found in the 19.2.3 release which causes incomplete rendering on all mesa drivers. This release contains a single patch to fix that bug, anyone using 19.2.3 should immediately upgrade to 19.2.4 or downgrade to 19.2.2.
Dylan
Mesa 19.2.4 was released on Wednesday as an "emergency release" after a bug was discovered that made last week's Mesa 19.2.3 version buggy for all OpenGL drivers.
Mesa 19.2.3 was impacted by a bug in the common Mesa OpenGL code that led to incomplete rendering. Ultimately just a few lines of code needed to be worked around for checking the frame-buffer completeness only after state updates.
Released on Wednesday was the NVIDIA 435.27.06 Linux driver as their newest beta build focused on offering better Vulkan driver support.
While the NVIDIA 435.27.06 driver doesn't offer any new Vulkan extensions or landmark new features, it does offer some practical improvements. Catching our eye in particular is the better fullscreen exclusive support handling for non-primary monitors and better G-SYNC support for borderless windows. The other fixes are also quite useful too.
If you like to live on the wild side, NVIDIA yesterday released a brand new update to their Vulkan Beta driver series with version 435.27.06.
With yesterday's overview and benchmarks of Intel's Jump Conditional Code Erratum, one of the areas where the performance impact of the updated CPU microcode exceeded Intel's 0~4% guidance was web browser performance. Now with more time having passed, here are more web browser benchmarks on both Chrome and Firefox while comparing the new CPU microcode release for the JCC Erratum compared to the previous release. Simply moving to this new CPU microcode does represent a significant hit to the web browser performance.
In this article is just a look at how the updated CPU microcode for the JCC Erratum affects the Mozilla Firefox and Google Chrome web browser performance. This article isn't looking at any impact from the also new Zombieload TAA mitigation (that's coming in a separate article shortly) or anything else but simply benchmarking both of these web browsers with the old and new CPU microcode on a Skylake-X system.
Need to download all images in an online album and don't want to click each image to save it to your computer? Try RipMe, a Java tool with both graphical and command line interfaces, to mass download images from various sources.
RipMe runs on macOS, Linux and Windows, and it can download all images in an album by just entering the album link. It supports popular websites like Imgur, Instagram, Reddit (you can download all the images of a subreddit or all the images submitted by a user), Flickr, Twitter, Tumblr, DeviantArt, and more.
Darktable 3.0 RC1 is out today and represents around three thousand commits made to Darktable since the 2.6 series. The Darktable 3.0 is a big release with reworking its GTK user-interface code, undo/redo being supported for more operations, 4K/5K display improvements, 3D RGB LUT transformation support, some SSE optimizations, OpenMP 4.0 requirement when wanting OpenMP threading, more camera support, and a lot more.
Kali Linux is a Debian-based distro developed and maintained specifically for advanced Penetration Testing and Security by one of the world’s leading information security training companies, Offensive Security.
Commonly referred to as the perfect OS for hackers, it is a complete rebuild of BackTrack Linux with full adherence to Debian development standards and was first released on 13th March, 2013, since then it has always come straight out of the box with a ton of tools geared towards Information management, Computer Forensics, Reverse Engineering, and Security research, among other tasks.
With a visual style inspired by papercraft, story telling like Dungeons & Dragons and XCOM-like combat options the new tactical RPG Wildermyth is out in Early Access on Steam. Note: Key provided by the developer.
A character-driven, procedurally generated RPG where each play-through will give you new characters and events. With a story told through comic-styled ripped-up paper scraps, giving you a sort-of choose your own adventure choice style it certainly gives a great first impression.
Canadian developer Beyond Fun Studio has announced Aeolis Tournament, a new 3D 8-player party game that will be coming to Linux in April next year.
This is the first time they've officially announced it, however they've shown it off at various conventions like the Tokyo Game Show, MEGA-MIGS, DreamHack Montreal and Comiccon Montreal. They also won the Best Game award at both the 2019 Catapulte program and 2018 Pixel Challenge in Quebec City so they must be onto something good here.
Crusader Kings 3 is going to be a big game, of that I've no doubt. Everything Paradox has said about it so far has me exceptionally excited, especially with their bigger focus on accessibility for more players. As a reminder, it's already confirmed to be coming to Linux when it launches next year.
They're now doing regular development diary posts to go over some of the game mechanics, giving us an early look at what to expect from this upcoming grand strategy game. Just recently Paradox put out a new video with the Game Director of Crusader Kings 3, Henrik Fåhraeus, who goes over their vision.
Releasing on November 20, Texel Raptor just announced the first big expansion to their incredibly fun theme park building game Parkitect and I couldn't be more excited.
I remember being completely absorbed by the classic Theme Park from Bullfrog in my youth, to which Parkitect firmly filled the hole it left in my adult life. Parkitect doesn't necessarily need an expansion, it already has everything that makes it a great game. However, I will gladly take this expansion so I can happily play even more of it.
CodeWeavers is looking to hire another developer to work on Wine's graphics stack and in particular the WineD3D code while having an emphasis that it's part of Valve's Steam Play (Proton) efforts.
CodeWeavers, the company that helps to support development of Wine and are currently partnered up with Valve to help with Steam Play/Proton have a new Graphics Developer position open.
This is a completely different position to the one we posted about before, which is a more generalised role. Instead, their new Graphics Developer position would have you working on Wine's Direct3D implementation. Quite a complicated role, involving early DirectDraw up until modern Direct3D 12 in addition to Vulkan and OpenGL.
MX Linux is taking the industry by storm, is MX Linux 19 worth all the hype? In this video, I'll show off this new version of the mega-popular Linux distribution and you'll see it in action, installed on real hardware. Is MX Linux 19 the best XFCE distro available today?
The content of this article has been contributed by Alexandra Settle, Technical Writer at the SUSE Documentation Team.
It is part of a series of articles focusing on SUSE Documentation and the great minds that create the manuals, guides, quick starts, and many more helpful documents.
Yesterday I uploaded a new DVD-sized ISO for the Plasma5 variant of Slackware Live Edition based on the liveslak scripts version 1.3.3. The ISO contains Slackware-current “Tue Nov 12 23:08:45 UTC 2019” with my KDE-5_19.11 and boots a Linux 4.19.83 kernel.
Once again, Canonical decided to donate even more Ubuntu Touch devices to UBports, but this time there's even better news for those interested in contributing to the development of Ubuntu Touch, the mobile OS created by Canonical for Ubuntu Phones, which is now entirely maintained by the UBports Foundation.
This time, UBports decided to donate the Ubuntu Touch devices, which consist of two dozen BQ Aquaris E4 phones, two BQ Aquaris M10 tablets, one Meizu MX4 phone, and several others we can't identify, to any developer interested in joining the Ubuntu Phone movement and contributing to the development of Ubuntu Touch.
This was the final iteration before our roadmap sprint where we plan our 20.04 work. Here are some of the highlights of our completed work.
I remember my first foo. It was September, 1974, on a PDP-11/40, in the second-floor lab at the local community college. It was an amazing experience for a fourteen-year-old, admitted at 12 to audit night classes because his dad was a part-time instructor and full-time polymath.
I should warn you, I’m not the genius in the room. I maintained a B average in math and electrical engineering, but A+ averages in English, languages, programming, and organic chemistry (yeah, about that….). The genius was my Dad, the math wizard, the US Navy CIC Officer. More on him in a later blog — he’s relevant to what MAAS does in a big way.
Okay, so I’m more of a language (and logic) guy. But isn’t code where math meets language and logic?
Research Unix
Fifth edition UNIX had just been licensed to educational institutions at no cost, and since this college was situated squarely in the middle of the military-industrial complex, scoring a Hulking Giant was easy. Finding good code to run it? That was another issue, until Bell Labs offered up a freebie.
It was amazing! Getting the computer to do things on its own — via ASM and FORTRAN — was not new to me. What was new was the simplicity of the whole thing. Mathematically, UNIX and C were incredibly complex, incorporating all kinds of network theory and topology and numerical methods that (frankly) haven’t always been my favorite cup of tea. I’m not even sure if Computer Science was a thing yet.
But the amazing part? Here was an OS which took all that complexity and translated it to simple logic: everything is a file; small is beautiful; do one thing well. Didn’t matter that it was cranky and buggy and sometimes dumped your perfectly-okay program in the bit bucket. It was a thrill to be able to do something without having to obsess over the math underneath.
WAGO has converted to Linux for its second-gen “PFC200” controller. The 1GHz Cortex-A8 device, which has an e!COCKPIT CODESYS V3 runtime in addition to Real-time Linux, offers dual 10/100 Ethernet, a serial port, and connections to the modular WAGO-I/O-System fieldbus modules.
WAGO has switched over to Linux for the second-gen version of its PFC200 Controller for Programmable Logic Controller (PLC) applications, although it continues to offer its e!COCKPIT CODESYS V3 runtime environment and development environment for traditional CODESYS programming. The system is designed to support its modular WAGO-I/O-System of I/O modules, which we were reporting on as early as 2007 back at the old LinuxDevices site in regard to its integration with Kontron’s ThinkIO-Duo computer. WAGO also announced that a similarly Real-time Linux based PFC200 BACnet/IP Controller will arrive in mid-2020.
What can be more irritating than spending money more than your budget in the grocery shop? You know, why does that happen? It is because of a good arrangement or listing of your needs. If you make a proper grocery list, the risk of spending more money buying any unnecessary things will disappear. Keeping memo pads or notes with a pen is not possible all the time so that you can write down your essentialities when they appear in your mind. But you have your phones beside you all the time. So, if you have one or more good grocery list apps for Android, you can avoid all these hassles and enjoy your happy shopping time.
Previously we’ve indicated that we would contact people as their particular batch is being prepared for shipping. For instance, we have started sending out emails to backers who will receive Birch in the coming days and weeks.
As we mentioned in our post Supplying the Demand, we were surprised at the demand for our early batches. We also expect that some customers will change their mind one (or more) times about which batch they’d prefer as each batch comes out and more videos, pictures, and articles are posted. For these and other reasons we’ve been reluctant to notify people which batch they are likely to be in, as it could change as people change their minds and slots open up.
This is the 76th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Brave browser is an interesting take as a privacy-focused browser. Even though we already have plenty of options to consider for Linux (Chromium/Firefox, etc.), the Brave browser stands out for things like strictly blocking ads and trackers.
It was in the beta phase before the announcement. So, if you already had it installed, you may not find a significant change with this release.
If you are learning about this browser for the first time, I shall mention a few key highlights associated with this release.
On Tuesday Fastly, Intel, Mozilla, and Red Hat teamed up to form the Bytecode Alliance, an industry group intent on making WebAssembly work more consistently and securely outside of web browsers.
WebAssembly is a form of low-level bytecode that can be created by passing code in higher-level languages, like C/C++ and Rust, through a compiler. It's been described as an assembly language for a conceptual machine rather than a physical one. That means it can be run on various processor architectures and operating systems. It's a bit like Java, but for a structured stack machine rather than the JVM's fully-general stack machine.
Wasm, as WebAssembly is known to its friends, is faster than JavaScript – about 20x by one measure – and has other advantages in terms of security, portability, size, and load-time efficiency. It's been implemented in at least four major browsers – Chrome, Edge, Firefox, and Safari – and now Bytecode Alliance members aim to help it move beyond the browser.
Many of the use-cases for wasm involve in-browser applications, such as running games or other performance-sensitive tasks. But wasm also has potential outside the browser, for content distribution, server-side handling of untrusted code, hybrid native apps on mobile devices, and multi-node computation.
The Bytecode Alliance is an industry partnership with the aim of forging WebAssembly’s outside-the-browser future by collaborating on implementing standards and proposing new ones. The newly formed alliance has "a vision of a WebAssembly ecosystem that is secure by default, fixing cracks in today’s software foundations". The alliance is currently working on a standalone WebAssembly runtime, two use-case specific runtimes, runtime components, and language tooling.
Today we announce the formation of the Bytecode Alliance, a new industry partnership coming together to forge WebAssembly’s outside-the-browser future by collaborating on implementing standards and proposing new ones. Our founding members are Mozilla, Fastly, Intel, and Red Hat, and we’re looking forward to welcoming many more.
Mozilla has been heavily invested in WebAssembly with Firefox, and today, the organization teamed up with a few others to form the new Bytecode Alliance, which aims to create "new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI)". Mozilla has teamed up with Intel, Red Hat, and Fastly to found the alliance, but more members are likely to join over time.
The goal of the Bytecode Alliance is to create a new runtime environment and language toolchains which are secure, efficient, and modular, while also being available on as many platforms and devices as possible. The technologies being developed by the Bytecode Alliance are based on WebAssembly and WASI, which have been seen as a potential replacement for JavaScript due to more efficient code compiling, and the expanded capabilities of being able to port C and C++ code to the web.
Notifications. Can you keep count of how many websites or services prompt you daily for permission to send notifications? Can you remember the last time you were thrilled to get one?
Earlier this year we decided to reduce the amount of unsolicited notification permission prompts people receive as they move around the web using the Firefox browser. We see this as an intrinsic part of Mozilla’s commitment to putting people first when they are online.
In preparation, we ran a series of studies and experiments. We wanted to understand how to improve the user experience and reduce annoyance. In response, we’re now making some changes to the workflow for how sites ask users for permission to send them notifications. Firefox will require explicit user interaction on all notification permission prompts, starting in Firefox 72.
The “Omniscient” Browser Toolbox will be enabled by default in the coming days
Last year, Adobe, SAP and Microsoft came together and formed the Open Data Initiative. Not to be outdone, this week, AWS, Salesforce and Genesys, in partnership with The Linux Foundation, announced the Cloud Information Model.
The two competing data models have a lot in common. They are both about bringing together data and applying a common open model to it. The idea is to allow for data interoperability across products in the partnership without a lot of heavy lifting, a common problem for users of these big companies’ software.
Jim Zemlin, executive director at The Linux Foundation, says this project provides a neutral home for the Cloud Information model, where a community can work on the problem. “This allows for anyone across the community to collaborate and provide contributions under a central governance model. It paves the way for full community-wide engagement in data interoperability efforts and standards development, while rapidly increasing adoption rate of the community,” Zemlin explained in a statement.
It seems to me that Code of Conduct complaints made in public must be immediately rejected and viewed as Code of Conduct violations in and of themselves. Code of Conduct complaints should be submitted in private and remain private and confidential in order to prevent their use as a means of harassment. It also seems to me that while the process of accepting, reviewing, and adjudicating such complaints should be public, the proceedings and decision of each individual case should remain private and confidential in order to protect the parties from harm. Making them a public showcase is, simply, horrible.
Was the Code of Conduct actually violated by Mr. Wood? I have watched the videos in question and read the tweets and I can find no instance where Mr Wood violated the LF Code of Conduct. I understand that LF can make any decision they like about what constitutes a Code of Conduct violation. However, when both the complaint and the response are so blatantly public, it seems to me that LF owes it to the observing community to explain their decision and describe the due process that was used to make it – including the decision to make the public response that undoubtedly caused harm to Mr. Wood. To date no such explanation has been forthcoming, despite repeated requests.
Thanks to the Linux Vendor Firmware Service it's now much easier to update firmware on Linux. The LVFS supports a huge amount of devices, brings its own firmware database, has a nice UI and periodically checks if new firmware updates are available. Hardware vendors can upload their firmware to LVFS, which charges no cost for hosting or distribution.
In making it more easy to update Coreboot system firmware, the ability to update Coreboot via the Linux Vendor Firmware Service (LVFS) with Fwupd is finally being worked out.
Patrick Rudolph of 9elements Cyber Security has been working on allowing Coreboot firmware updates to happen over LVFS. With Coreboot being open-source and popular among Linux enthusiasts, it's surprisingly taken this long to get a Coreboot plug-in into Fwupd and the other infrastructure work to allow Coreboot updates to happen just as proprietary BIOS updates are increasingly happening through Fwupd+LVFS with the major proprietary BIOS vendors and major OEMs all supporting this Linux firmware updating process.
As readers of this blog might remember, there is a mode where the firmware (BIOS) is responsible for powering the Thunderbolt controller. This means that if no device is connected to the USB type C port the controller will be physically powered down. The obvious upside is battery savings. The downside is that, for a system in that state, we cannot tell if it has a Thunderbolt controller, nor determine any of its properties, like firmware version. Luckily, there is an interface to tell the firmware (BIOS) to "force-power" the controller. The interface is a write only sysfs attribute. The writes are not reference counted, i.e. two separate commands to enable the force-power state followed by a single disable, will indeed disable the controller. For some time boltd and the firmware update daemon both directly poked that interface. This led to some interference, leading in turn to strange timing bugs. The canonical example goes like this: fwupd force-powers the controller, uevents will be triggered and Thunderbolt entries appear in sysfs. The boltd daemon will be started via udev+systemd activation. The daemon initializes itself and starts enumerating and probing the Thunderbolt controller. Meanwhile fwupd is done with its thing and cuts the power to the controller. That makes boltd and the controller sad because they were still in the middle of getting to know each other.
As of this morning LibreOffice 6.4 was branched from master and the beta release tagged with those LO 6.4 Beta binaries expected out shortly.
LibreOffice 6.4 remains on schedule for releasing either at the end of January or first days of February. The LibreOffice 6.4 Beta release is making it on time while this branching also marks the hard feature freeze for the next installment of this open-source cross-platform office suite.
We often talk about the desktop version of LibreOffice on this blog, but our community is working on mobile tools as well. For instance, the LibreOffice Impress Remote lets you interact with your slideshow presentation from your Android device – including slide previews, speaker notes, and more.
WordPress, one of the internet’s leading purveyors of blog infrastructure and hosting, has taken a step toward making blogging more sustainable by allowing sites to easily accept recurring payments. Think: subscriptions. The tool will be available to anyone with a paid WordPress site and to sites that use the company’s Jetpack toolkit.
Intel today announced the launch of the Edge AI DevCloud, a way to prototype and test AI with the OpenVINO toolkit for edge devices like drones and cameras. Developers can use existing tools and frameworks to test and optimize models in OpenVINO for Intel hardware like CPUs or FPGAs for free.
Over the past year Code Sourcery / Mentor Graphics has been working extensively on the new AMD Radeon "GCN" back-end for the GCC code compiler. The code that is found in GCC 9 and up to now in GCC 10 hasn't supported OpenMP/OpenACC parallel programming interfaces, but that could soon change with patches under review.
The Radeon GPU support in GCC up to now hasn't supported OpenMP or OpenACC for offloading to the graphics processor and thus its practicality has been limited.
Now that Intel lifted its embargo on the "Jump Conditional Code" erratum affecting Skylake through Cascade Lake processors, while Intel's own Clear Linux was first to carry these patches they have now been sent out on the Binutils mailing list for trying to get the JCC optimization patches into the upstream Binutils/GAS code-base.
Well known Intel compiler toolchain expert H.J. Lu sent out the five patches on Tuesday for optimizing around the JCC Erratum. The GNU Assembler (GAS) patches aim to mitigate the performance by aligning branches within 32-byte boundaries for various instructions. The behavior is activated via the -mbranches-within-32B-boundaries command line switch.
When writing about the Intel Jump Conditional Code (JCC) Erratum and how Intel is working to mitigate the performance hit of the CPU microcode update with patches to the GNU Assembler, there was some concern expressed by readers that it might hurt AMD performance. That does not appear to be the case.
On an AMD Ryzen 7 3700X box I installed Clear Linux and set it up in the same manner I used for this week's Skylake / Cascade Lake testing. In particular, comparing of Clear Linux builds 31470 and 31480 as that was the release where the patched version of the GNU Assembler was introduced and many bundles (packages) rebuilt as explained in the aforelinked article.
Do you believe that free software is crucial to a free society? Do you want to help people learn why free software matters, and how to use it? Do you want to dig deep into software freedom issues like copyleft, Digital Restrictions Management (DRM), or surveillance and encryption? Or, do you want to learn systems administration, design, or other tasks using only free software?
The Free Software Foundation (FSF) is looking for interns to spend the summer contributing to work in one of three areas: campaigns, licensing, or technical.
These positions are unpaid, but the FSF will provide any appropriate documentation you might need to receive funding and school credit from outside sources. We also provide lunch expense reimbursement and a monthly transportation pass that will give you free access to local subways and buses (MBTA). We place an emphasis on providing hands-on educational opportunities for interns, in which they work closely with staff mentors on projects that match their skills and interest.
For a number of years FOSSology was distributed and maintained by HP, until it became an LF project in 2015. It is easier for companies to collaborate on software in a project at an organization like the LF, he said; it makes for a safer harbor for competitors to work together—in Germany, at least. He works for Siemens AG, which is a rather large German company.
Breaking up archive files into their constituent files—some of which may need to be unpacked themselves—then scanning the individual source and other files for their licenses is the basic task of FOSSology. It has a powerful license scanner, he said. Its web-based interface can then give an overview of the contents—which licenses apply to various parts of the tree, for example—and allow users to drill down into the file hierarchy to the individual files to see their copyrights and license-relevant text. When looking at the file, FOSSology highlights that license-relevant text and shows a comparison with the reference text of the license it has determined for the file.
Determining the license that applies to a file is challenging, however. Files have a wide variety of license-relevant text in them, some of which is ambiguous. It depends on the kind of source code you are working with, but the scanner is unable to decide on a license for up to 30% of files it sees, so it is up to a human reviewer to tag the right license. It is then important to also track what reviewers decide on files in the FOSSology database.
The Software Package Data Exchange (SPDX) format is used to describe various things in a package, including licensing information. FOSSology can both import and export SPDX information, which allows exchanging information between two FOSSology users to share analysis work. FOSSology is one of a few tools that can consume SPDX information; it can be used to review what another party has concluded about the licensing of a code base. In addition, when a package gets updated, the previous analysis can be used as a starting point; the new dependencies and other changes can be incorporated into that rather than starting from scratch.
[...]
Huber handed the microphone back to Jaeger to wrap up the presentation. He said that FOSSology participated in the Google Summer of Code (GSoC) for 2019; the project had three GSoC participants working on various projects. FOSSology has been working on integrating with three different open-source projects as well. Software Heritage is a repository of published software, while ClearlyDefined is a repository of metadata about published software. In both cases, FOSSology has plans to interact with them via their REST APIs. The third project is not as well known, he said. Atarashi takes a new approach in scanning for licenses. Instead of using regular expressions and rules, it uses text statistics and information-retrieval techniques.
Another initiative that the project has undertaken is FOSSology Slides, which is a site for gathering slides that can be used to talk and teach about FOSSology. They are all licensed under CC BY-SA 4.0 (as are the slides [PDF] from the OSS EU talk). They can be used as is, or adapted for other uses; he encouraged anyone to contribute their FOSSology slides as well. One nice outcome of that is that some Japanese FOSSology users translated slides from FOSSology Slides to that language and contributed them back, Jaeger said. Other translations would be welcome for those who want to contribute to the project but are not software developers.
A FOSSology user in the audience pointed out that the tool is only able to analyze the code it is given, so package dependencies have to be figured out separately. Jaeger agreed, noting that FOSSology is focused on understanding the licenses in the code it is given; there are other tools that can help figure out what the dependencies are and there are no plans to add that to FOSSology. He suggested the OSS Review Toolkit (ORT) as one possibility.
I recently bought a Hue Bridge to experiment a bit with Zigbee and 802.15.4. Following two posts for the hardware version 2.0 and some comments about the differences to version 2.1 I was able to get shell access on my 2.1 hardware.
As there is up to now no complete guide, I describe here what I did:
Opening the case is straightforward. Just remove the two lower nubsis at the bottom and unscrew the two torx screws; then carefully unclip the bottom.
The board can be controlled with AT command, but it also supports Arduino programming in Windows, Mac OS, and Linux. You’ll find documentation and code samples on Github, as well as on Heltec’s own website.
The company provides an example of battery life considering a connection with the LoRa gateway every 15 minutes. In this case, an 80mAh/3.7V battery would last for 3 months, but they did not mention in which mode they performed the calculation.
For a long time now I have noticed that OutputDevice is a class that is tightly coupled to drawing primitives such as pixels, lines, rectangles, etc. To draw new primitives in OutputDevice, you need to change the interface by adding another function, often you need to add new private functions, etc.
I have never been entirely comfortable with this - I believe that we shouldn't vary the OutputDevice class, but instead the functionality should be implemented in a command pattern. In a command pattern, you use an object to encapsulate the functionality used to perform an action. What this means is that OutputDevice no longer needs to know how to directly draw a line, pixel, rectangle or any other primitive we throw at it - this is all done in the command object. I call these OutputDevice Drawables. It turns out, I find it easier to test a command object.
Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.
When talking to various people at conferences in the last year, a recurring topic was that they believed that the GTK Rust bindings are not ready for use yet.
I don’t know where that perception comes from but if it was true, there wouldn’t have been applications like Fractal or Podcasts using GTK from Rust, or I wouldn’t be able to do a workshop about desktop application development in Rust with GTK and GStreamer at the Linux Application Summit in Barcelona this Friday (code can be found here already) or earlier this year at GUADEC.
One reason I sometimes hear is that there is no support for creating subclasses of GTK types in Rust yet. While that was true, it is not true anymore nowadays. But even more important: unless you want to create your own special widgets, you don’t need that. Many examples and tutorials in other languages make use of inheritance/subclassing for the applications’ architecture, but that’s because it is the idiomatic pattern in those languages. However, in Rust other patterns are more idiomatic and even for those examples and tutorials in other languages it wouldn’t be the one and only option to design applications.
If you’ve recently downloaded Python onto your computer, then you may have noticed a new program on your machine called IDLE. You might be wondering, “What is this program doing on my computer? I didn’t download that!” While you may not have downloaded this program on your own, IDLE comes bundled with every Python installation. It’s there to help you get started with the language right out of the box. In this tutorial, you’ll learn how to work in Python IDLE and a few cool tricks you can use on your Python journey!
Following the previous article, Understanding OpenGL through Python where we've set the foundation for further learning, we can jump into OpenGL using PyGame and PyOpenGL.
PyOpenGL is the standardized library used as a bridge between Python and the OpenGL APIs, and PyGame is a standardized library used for making games in Python. It offers built-in handy graphical and audio libraries and we'll be using it to render the result more easily at the end of the article.
As mentioned in the previous article, OpenGL is very old so you won't find many tutorials online on how to properly use it and understand it because all of the top dogs are already knee-deep in new technologies.
OSS Journal, November 2026. In less than two months, with the end of the year 2026, Python 3 will be deprecated and will not obtain any further security updates. Despite the announcement of deprecation back in summer 2020, shortly after the deprecation of Python 2, still thousands of software projects, in particular in data science, seem to be still based on Python 3.
[...]
The Python 3 deprecation has created a whole new branch of companies providing only Python upgrade services, but despite the abundance of these services, many programs are still available only for Python 3, some – like Calibre – even only for Python 2.
So let us use the remaining month to fix the billions of lines of code still not compatible with Python 4, for a better future! Rest assured, it will be the last incompatible Python upgrade (for now).
One is that I helped the Packaging Working Group of the Python Software Foundation get funding for a long-needed improvement to pip. I led the writing of a few proposals -- grantwriting, to oversimplify -- and, starting possibly as soon as next month, contractors will start work.
Version 4.0 of Spyder—a powerful Python IDE designed for scientists, engineers and data analysts—is almost ready! It has been in the making for well over two years, and it contains lots of interesting new features. We will focus on the Files pane in this post, where we've made several improvements to the interface and file management tools.
The GNU Compiler Collection version 7.5 has been released.
GCC 7.5 is a bug-fix release from the GCC 7 branch containing important fixes for regressions and serious bugs in GCC 7.4 with more than 215 bugs fixed since the previous release.
This is also the last release from the GCC 7 branch which will receive no further fixes from now on. GCC continues to be maintained on the GCC 8 and GCC 9 branches and the development trunk.
This release is available from the FTP servers listed at:
http://www.gnu.org/order/ftp.html
Please do not contact me directly regarding questions or comments about this release. Instead, use the resources available from http://gcc.gnu.org.
As always, a vast number of people contributed to this GCC release -- far too many to thank them individually!
For those still on the GCC 7 series, GCC 7.5 was released this morning as the final point release to this compiler series with that branch that saw its original release in 2017 now closed.
SUSE's Richard Biener announced the release today of GCC 7.5 and with that the closing of the GCC 7 branch. The GCC 7.5 release brings more than 215 bug fixes compared to GCC 7.4. There are no new features in GCC 7.5 but all that feature work is focused on GCC 10 that will make its maiden voyage early in 2020.
Almost all novice data scientists and machine learning developers are confused about picking a programming language. They always ask which programming language will be best for their machine learning and data science project. Either we will go for Python, R, or MATLAB. Well, the choice of a programming language depends on developers’ preference and system requirements. Among other programming languages, R is one of the most potential and splendid programming languages that has several R machine learning packages for ML, AI, and data science projects.
[...]
R is an open-source language so people can contribute from anywhere in the world. You can use a Black Box in your code, which is written by someone else. In R, this Black Box is referred to as a package. The package is nothing but pre-written code that can be used repeatedly by anyone. Below, we are showcasing the top 20 best R machine learning packages.
Vim is an open source configurable and powerful text editor. It’s an improved version of the vi editor, with development dating back to 1976. This software can be used to write any kind of text.
Vim sports a minimalistic interface to help the writer focus on the task at hand. It’s popular among developers given that it’s inherently modal (you go into command modes where you cannot edit), efficient, extensible, fast, and terminal friendly.
When getting started with Vim, users face a steep learning curve. It’s true the software is simple. It’s simple in the sense that its minimal interface focuses the user on their main task. But Vim is very powerful.
We're happy to announce the release of RelStorage 3.0, the relational storage engine for ZODB. Compared to RelStorage 2, highlights include a 30% reduction in memory usage, and up to 98% faster performance! (Ok, yes, that's from one specific benchmark and not everything is 98% faster, but improved performance was a major goal.)
RelStorage 3.0 is a major release of RelStorage with a focus on performance and scalability. It's the result of a concentrated development effort spanning six months, with each pre-release being in production usage with large databases.
ZODB is a powerful native object database for Python, widely known for its use in the Zope web framework and the Plone content management system. By enabling transparent object graph persistence with no need to predefine schemas, ZODB enables extremely flexible application development. With pluggable storage engines such as FileStorage, ZEO, and RelStorage, it also provides flexible ways to store data.
[...]
In addition, ZODB provides a transactional view of these objects with snapshot isolation. Any given connection to the database sees a consistent view of all the objects in the database (whether it reads or writes to any particular object or not) as-of the moment it began. When adding or updating objects, no changes are published and made visible to other connections until the writing connection commits its transaction, at which point either all the changes are made visible or none of them are. Existing connections that continue reading (or even writing!) will still not see those changes; they're "stuck" at the snapshot view of the objects they started with. (The ability for readers to continue to be able to retrieve old data that's been replaced in newer transactions is known as multi-version concurrency control, or MVCC.)
Many connections may be reading and writing to the database at once. ZODB uses optimistic concurrency control. Readers don't block other readers or writers, and writers are allowed to proceed as if they were the only one making changes right up until they commit. Writes are defined to occur in a strict order. If a writer discovers that an earlier transaction had modified objects that it too wants to modify, a conflict occurs. Instead of just rolling back the writing transaction and forcing it to start over, taking the modified object into account, ZODB gives the application the chance to resolve the conflict using a three-way merge between the object as it existed when the transaction began, the object that the connection wants to commit, and the object that was committed by the other writer. Only if it cannot do so is the transaction rolled back.
In addition to installing packages, pip can also be used to build wheels. Wheels are a special file format that is optimized to install without any processing. This makes wheels useful for installing the same distribution in many different environments, e.g., on different machines or in different virtual environments in a single machine. pip can also record the packages installed in a virtual environment in a text file, which can be transferred to reproduce the identical virtual environment. The text file can be emailed, sent over a chat service, or, most commonly, checked into version control.
“We’re here protesting and sharing stories, but when everything else is so loud, how do you penetrate through?”
Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, linux-azure, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2, linux-lts-xenial, linux-aws, linux-raspi2, and webkit2gtk).
As all of the news sites are picking up stories on the latest hardware vulnerabilities, I felt it best to give the Fedora update. I won't go into detail on the vulnerabilities themselves, as Red Hat has already done a good write up on each of the CVEs which I will link to below. There is one case to note where Fedora will differ from the Red Hat write ups. For "Transactional Synchronization Extensions (TSX) Asynchronous Abort" Fedora has chosen to default to "tsx=off Disable the TSX feature". This will likely be of no impact to most users, but as Fedora has taken a different stance from the Red Hat documentation here, it should be noted.
Of the 77 security advisories Intel is making public and the three big ones of the performance-sensitive JCC Erratum, the new ZombieLoad TAA (TSX Asynchronous Abort), and iTLB Multihit No eXcuses, there are also two fixes to their kernel graphics driver around security issues separate from the CPU woes.
CVE-2019-0155 is about user-space writes to the blitter command streamer that could allow an unprivileged user to elevate their privileges on the system.
CVE-2019-0154 is the other vulnerability and that could result in an unprivileged user being able to cause a denial of service by reading select memory regions when the graphics hardware is in certain low-power configurations.
The researchers determined that parts of a specific component used by Cobalt in the third stage of an attack are present in PureLocker. It is the JScript loader for the "more_eggs" backdoor, described by security researchers at Morphisec.
In previous research, IBM X-Force revealed that FIN6, another cybercriminal group targeting financial organizations, also used the "more_eggs" malware kit.
Most of the code in PureLocker is unique, though. This suggests that the malware is either a new one or an existent threat that has been heavily modified.
Back in the early oughts, a common complaint about Linux was that while it was free/libre, it came with no support and you had to pay expensive senior sysadmins to run Linux systems. Fast forward to today, and Linux has conquered basically every field except for the desktop market.
[...]
Security Onion is looking more and more polished with every year that passes, and it may be worth considering if you've got a deep enough security bench to customize, deploy and maintain Security Onion for your enterprise.
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible—and sometimes invisible—commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.
The attack exploits a vulnerability in microphones that use micro-electro-mechanical systems, or MEMS. The microscopic MEMS components of these microphones unintentionally respond to light as if it were sound. While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.
We just celebrated Veterans Day, paying tribute to the young men and women who have served our country. Across the country, families gathered at the gravesites of those who gave their lives. Veterans drank toasts to their fellow soldiers.
On March 11, 1999, President Bill Clinton took an unprecedented step. During a four-nation visit to Central America, he expressed regret for the role the United States had played in a brutal counter-terrorism campaign that had caused the deaths of thousands of civilians in Guatemala’s civil war.
Lifting sanctions now would be a slap in the face to Congo’s victims of human rights abuses.
Researchers using figures from the social insurance institution Kela found that the number of antibiotic prescriptions fell by 29 percent between the years 2008 and 2018. This means one million fewer prescriptions were written last year than ten years prior.
[...]
One reason children's antibiotic use has fallen is likely the introduction of the pneumococcal vaccine to the national vaccination programme. The pneumococcal vaccine can prevent pneumonia, meningitis and sepsis in some cases.
The case, Chernaik v. Brown, is being closely watched by legal, governmental, and advocacy interests from across the state, who have argued its merits and advocated for climate remedies on behalf of youth. In June, as previously, dozens of public agencies, advocacy groups, a regional chapter of the NAACP, and two local governments filed friend of the court briefs in support of the plaintiffs.
Three out of four nations have yet to start to honour the global climate treaty. The world waits, the seas go on rising – and greenhouse gases too.
Researchers believe that the whale was formerly trained at a Russian military facility (hence his name, chosen through a Norwegian public poll – ‘hval’ is Norwegian for whale, and ‘dimir’ refers to Russian President Vladimir Putin). Marine animals are used in military programmes across the world and can be trained to find and retrieve lost equipment, detect mines or find intruders or divers.
The conservationist went on to stress that as a society we can’t leave climate change to the politicians.
“Most of our political systems have swung to the far right and it’s all about money and a lot of corruption out there, and no, I don’t have confidence, and so it’s up to us,” she told Hill.TV. These remarks came following a week of discussions on climate change at the United Nations General Assembly in New York City.
On December 12, the United Kingdom heads for its third general election since 2015.
Well, here we go again. So many politicians seem to think that Section 230 is the root of anything bad they see online, and insist that it needs to be removed to fix things that have nothing to do with 230. The latest is Joe Biden, who has a pretty horrible record regarding his own understanding of technology and the internet. In a weird comment on CNN about what to do about Facebook and moderating political advertising... Biden shifted the conversation to Section 230 after first making some false statements about what the law requires.
The Ukraine scandal is mostly viewed through the prism of politics — an attempt by President Donald Trump to gain an advantage over a political opponent. But, as most things are, it’s also about money — and we found lots of it flowing between key players in the scandal.
On this week’s episode of “Trump, Inc.,” we follow the money.
Police in Washington, D.C. surrounded the home of Code Pink activist Medea Benjamin and attempted to arrest her for “assaulting” Democratic Congresswoman Debbie Wasserman Schultz. But police did not have a warrant and apparently were uncertain whether an assault was even committed.
At the House Triangle by Capitol Hill, Wasserman Schultz and Republican Congressman Mario Diaz-Balart announced the formation of a “bipartisan Venezuela Democracy Caucus” to “support freedom for the Venezuelan people, who have endured years of suffering under brutal and illegitimate tyranny.”
The Supreme Court on Tuesday heard oral arguments in a legal challenge being brought against President Trump’s decision to end the Deferred Action for Childhood Arrivals (DACA) program. DACA, enacted by President Barack Obama in 2012, enabled roughly 800,000 young, undocumented people to defer their deportations and live and work in the U.S.
Perhaps the only fact on James Le Mesurier about which I would agree with the MSM war cheerleaders is that he was a very busy man. It is remarkable therefore that he found the time and inclination to follow “Philip Cross” on twitter. Given that “Philip Cross” has virtually never posted an original tweet, and his timeline consists almost entirely of retweets of Nick Cohen, David Aaronovitch and openly pro-Israel propaganda accounts, why would Le Mesurier bother to follow him?
US President Donald Trump is set to host his Turkish counterpart Recep Tayyip Erdogan for the second time on Tuesday. Trump tweeted he was looking forward to the meeting, but not everyone is happy with the visit, starting with Washington's Kurdish diaspora.
In the run-up to the 2016 election, White House senior policy adviser Stephen Miller promoted white nationalist literature, pushed racist immigration stories and obsessed over the loss of Confederate symbols after Dylann Roof’s murderous rampage, according to leaked emails reviewed by Hatewatch.
The emails, which Miller sent to the conservative website Breitbart News in 2015 and 2016, showcase the extremist, anti-immigrant ideology that undergirds the policies he has helped create as an architect of Donald Trump’s presidency. These policies include reportedly setting arrest quotas for undocumented immigrants, an executive order effectively banning immigration from five Muslim-majority countries and a policy of family separation at refugee resettlement facilities that the Department of Health and Human Services’ Office of Inspector General said is causing “intense trauma” in children.
The ongoing Hong Kong protests aren't going to end anytime soon, but the government keeps throwing stuff against the wall to see what sticks. While US corporate entities are busy exchanging their spines for Chinese market share, those actually on the front lines are standing up for Hong Kong protesters.
Today, we are told that the bigness of Big Tech giants was inevitable: the result of "network effects." For example, once everyone you want to talk to is on Facebook, you can't be convinced to use another, superior service, because all the people you'd use that service to talk to are still on Facebook. And of course, those people also can't leave Facebook, because you're still there.
But network effects were once a double-edged sword, one that could be wielded both by yesterday's Goliaths and today's Davids. Once, network effects made companies vulnerable, just as much as they protected them.
The early, pre-graphic days of the Internet were dominated by Usenet, a decentralized, topic-based discussion-board system that ran on UUCP -- AT&T's Unix-to-Unix Copy utility -- that allowed administrators of corporate servers to arrange for their computers to dial into other organizations' computers and exchange stored messages with them, and to pass on messages that were destined for more distant systems. Though UUCP was originally designed for person-to-person messaging and limited file transfers, the administrators of the world's largest computer systems wanted a more freewheeling, sociable system, and so Usenet was born.
Usenet systems dialed each other up to exchange messages, using slow modems and commercial phone lines. Even with the clever distribution system built into Usenet (which allowed for one node to receive long-distance messages for its closest neighbors and then pass the messages on at local calling rates), and even with careful call scheduling to chase the lowest long-distance rates in the dead of night, Usenet was still responsible for racking up some prodigious phone bills for the corporations who were (mostly unwittingly) hosting it.
The very largest Usenet nodes were hosted by companies so big that their Usenet-related long distance charges were lost in the dictionary-sized bills the company generated every month (some key nodes were operated by network administrators who worked for phone companies where long-distance calls were free).
The administrators of these key nodes semi-jokingly called themselves "the backbone cabal" and they saw themselves as having a kind of civic duty to Usenet, part of which was ensuring that their bosses never got wind of it and (especially) that Usenet never created the kind of scandal that would lead to public outcry that would threaten the project.
Which is why the backbone cabal was adamant that certain discussion forums be suppressed. Thanks to a convention proposed by EFF co-founder John Gilmore, there was a formal process for creating a Usenet newsgroup, requiring that a certain number of positive votes be cast for the group's creation by Usenet's users, and that this positive force not be checked by too many negative votes. Though this compromise stacked the deck against controversy by allowing a critical mass of objectors to block even very popular proposals, some proposed controversial newsgroups made it through the vote.
When that happened, the backbone cabal response was to "protect Usenet from its own users," by refusing to carry these controversial newsgroups on their long-haul lines, meaning that all the local systems (who depended on the backbone to serve up UUCP feeds without long-distance fees) would not be able to see them. It was a kind of network administrator's veto.
Usenet users chafed at the veto. Some of the "controversial" subjects the cabal blocked (like recreational drugs) were perfectly legitimate subjects of inquiry; in other cases (rec.gourmand -- a proposal for a group about cooking inside the "recreation" category, rather than the "talk" category), the cabal's decision was hard to see as anything but capricious and arbitrary.
In response, John Gilmore, Gordon Moffett and Brian Reid created a new top-level category in the Usenet hierarchy: alt., and in 1987, the first alt. newsgroup was formed: alt.gourmand.
The backbone did not carry the alt. hierarchy, but that wasn't the end of things. Gilmore was willing to subsidize the distribution of the alt. hierarchy, and he let it be known that he would pay the long distance charges to have his UUCP server dial up to distant systems and give them an alt. feed. Because UUCP allowed for the consolidation of feeds from multiple sources, Usenet users could get their regular Usenet feeds from the backbone cabal, and their alt. feeds from Gilmore; as time went by and new services like Telenet provided new ways of bridging systems that were cheaper than long-distance modem calls, and as the modems themselves got faster, and an Internet protocol for Usenet messages called NNTP was created, the alt. hierarchy became the most popular part of Usenet.
A federal court in Boston has ruled that suspicionless searches of the smartphones and laptops of travelers violate the Fourth Amendment of the Constitution. The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) worked together to achieve this new precedent. The ACLU released the welcome news on November 12th, calling the court decision a “major victory for privacy rights.” Jessie Rossman of the ACLU of Massachusetts concisely summarized the court decision for TIME Magazine...
Facebook Inc. removed tens of millions of user posts in the past six months for violating its terms of service regarding issues like child pornography, drug sales and terrorism. Millions more were removed from Instagram.
That’s according to a report released Wednesday by Facebook that details how the social media company enforces its own content policies. The report, which is published every six months and for the first time includes data from Instagram, said that Facebook identifies most of the content it removes automatically using its own software algorithms.
Facebook is including Instagram in its transparency report for the first time, releasing data on how the company moderates content related to child exploitation, self-harm, terrorist propaganda, and drug and firearm sales. Notably absent from the report is information on how fake accounts, hate speech, and violent content are regulated on the photo-sharing app.
The information is part of Facebook’s quarterly “community standards” transparency report, which tracks the company’s ongoing efforts to moderate content on the platform. The last report, released in May, showed a sharp increase in the number of abusive accounts on Facebook, and a downtick in the number of posts containing violent content the company detected and removed.
Governments across the world have exploited the gap between the pace of technological development and the formulation of laws to infringe on the rights of citizens.
The recent controversy that erupted over the Israeli spyware Pegasus that was used to snoop on at least 100 Indian journalists, activists and politicians on WhatsApp raises some serious concerns over targeted surveillance, especially since the central government is suspected to have been directly involved. This is not the first time that data privacy has been violated in India. Another reading list by EPW Engage has looked at how unregulated mass surveillance benefits the government and helps to further the commercial interests of the corporate sector. Legislation protecting individual data privacy has also been quite poor — though the Puttaswamy judgment was considered a landmark judgment in the Aadhaar case, it has fallen short in terms of implementation.
The Pegasus case came to light when messaging platform WhatsApp submitted a disclosure in a United States court that they had discovered that the Israeli surveillance company NSO had developed and used the spyware to hack into phones across the world, of which 121 were reportedly in India. While several opposition leaders have been vocal in holding the central government responsible, union information technology minister Ravi Shankar Prasad made a statement that turned the tables around to hold WhatsApp answerable for the breach, claiming that the government had not been notified by the messaging platform. WhatsApp responded on 3 November stating that it had informed the Indian government of the breach twice, once in May and again in September this year. In keeping with demands of the opposition, a standing committee has been set up to investigate the case, and is scheduled to meet on 20 November.
Papua New Guinea has been arbitrarily detaining rejected asylum seekers virtually incommunicado in the Bomana Immigration Centre, raising serious concerns about their health and safety, Amnesty International and Human Rights Watch said today. The men should be freed.
A report made public Wednesday by the U.S. Commission on Civil Rights called on Congress to adopt legislation that would use funding to incentivize police departments across the country to produce annual accountings of hate crimes. The commission also recommended that the police departments establish dedicated hate crime units aimed at better identifying and investigating reports of those incidents.
The commission issued its proposals a day after the latest FBI report on hate crimes, an accounting the commission said remained deeply flawed. The FBI’s report, the commission noted, still depends on the voluntary submission of data from local police agencies, a process that has regularly produced what almost everyone agrees is a vast undercount of actual hate crimes.
Iraqi security forces have attacked medical workers for treating protesters since protests began on October 25, 2019, firing on medical workers, tents, and ambulances with teargas and live ammunition, Human Rights Watch said today. The attacks have left at least one doctor dead.
The government of Nepal should ensure that forthcoming legislation to regulate social organizations protects the right to freedom of association.
The Vietnamese authorities should drop all charges against human rights activist Nguyen Nang Tinh and immediately release him.
At one detention center, only 10 percent of asylum-seekers have been allowed to bring their case before an immigration judge since July—down from 97 percent.
Tunisia’s parliament should carry out a reform agenda to address ongoing human rights problems in the country, Human Rights Watch said today as the new People’s Assembly is inaugurated.
One of the most popular chants in Hong Kong is “Five demands, not one less.” These include the full withdrawal of the anti-extradition bill, which originally sparked the protests in June; an independent commission to investigate police misconduct; retracting the riot charges against protesters; amnesty for arrested protesters; and, crucially, universal suffrage.
Nothing animates the Hong Kongers I’ve been talking with as much as that final demand. Yesterday, the police shot one protester in the stomach at point-blank range, and another police officer drove into the protesters with his motorcycle, weaving into the crowd to circle back again. Later in the day, Hong Kong’s chief executive, Carrie Lam, gave a press conference and, in chilling language, called the protesters the “enemy of the people.” She was voted into office by 777 people from the 1,200-person “Election Committee,” many of whose members are businesspeople with close ties to mainland China. It’s fair to describe her as handpicked by Beijing. Polls in October showed her popularity around 22 percent, with just over one in 10 Hong Kongers saying that they would vote for her voluntarily. No wonder the protesters want the right to elect their own leaders.
You are probably wondering why I am writing about debt collection and hostages when the theme of this post is reducing your China factory pricing. The reason is simple: when Chinese companies believe you will be leaving them/leaving China, alleged creditors come out of the woodwork. The tax authorities will come up with taxes that you owe. Your factory will explain why you owe it way more than you thought you did. Your factory’s sub-suppliers may send you bills for components you never ordered and never knew you were responsible for paying. You will get a bill for the molds and the tooling and the design work your factory did years ago and you thought (rightfully so until now) was included in your product pricing. These sorts of things do not always happen, but they happen often enough that you need to be prepared for them. The first rule is that you should have this discussion with your factory from your own country, not at a face-to-face meeting in the corrupt Chinese town where your factory wields its power.
One week after thousands of Instacart workers took part in a 72-hour strike, the San Francisco-based company — which promises same-day grocery deliveries by paying gig workers to pick up things at the grocery store for “busy” people — made an announcement: They were cutting a bonus that their shopper contractors received for quality work.
The #MeToo movement looked as if it might return feminists to their roots and prioritize fighting male sexual violence. But too many of us are confusing street theater with electoral politics. “Nasty women” wearing hijabs, screaming hatred, and issuing Black Power salutes believe that acting up and acting out is equivalent to lawful, courtroom procedures. Many social justice warriors view angry personal confrontations with Bad Guys in elevators, restaurants, or outside the Bad Guy’s home, as a form of feminist revolution.
While the DOJ (run by former Verizon lawyer William Barr) and the FCC (run by former Verizon lawyer Ajit Pai) are really excited to rubber stamp Sprint's $26 billion competition-eroding merger with T-Mobile, a bipartisan coalition of states are all that stand in the way in the deal. What began as a coalition of ten states had been slowly expanding over the last few months to include states like Texas. Collectively, state AGs have made it very clear that every meaningful economic metric indicates the deal will erode competition, raise rates, and result in thousands of layoffs as redundant employees are inevitably eliminated.
Today, the Public Interest Registry (PIR), which maintains the .org top-level domain, announced that it will be acquired by Ethos Capital, a private equity firm (via Domain Name Wire). This move will make PIR, previously a non-profit domain registry, officially part of a for-profit company — which certainly seems at odds with what .org might represent to some. Originally, “.org” was an alternative to the “.com” that was earmarked for commercial entities, which lent itself to non-profit use.
That’s not all: On June 30th, ICANN, the non-profit that oversees all domain names on the internet, agreed to remove price caps on rates for .org domain names — which were previously pretty cheap. Seems like something a for-profit company might want.
Previously trialled in India, Facebook Pay allows folks to add their debit or credit card to the payment service and then use it to pay for stuff in Facebook's aforementioned messaging services and picture-posting apps, as well as its main social network.
At least it will do at some point, as while Facebook Pay is launching in the US this week, it'll only support payments in Messenger and the main Facebook platform. WhatsApp and Instagram support is expected "over time" but no firmed up roll out date was given.
The World Intellectual Property Organization (WIPO) and the Indian Patent Office (IPO) have collaborated once more in order to organize PCT Roving Seminars in India. The seminars are being organized in association with Industry Associations, ASSOCHAN and CII. As per the notification published on IP India, the seminars are being conducted as a symbol of WIPO’s continuing efforts to increase global awareness regarding IPR and innovation. The Roving Seminars are likely to be beneficial to anybody seeking to protect their inventions globally. During the seminar, WIPO and IPO officials will brief the participants on the functioning of the PCT System and will also provide guidance to create online accounts to access the ePCT portal. This time, the Seminars have been scheduled in four cities, namely, Ahmedabad, Vishakhapatnam, Indore and Kochi.
[...]
On November 6th 2019, the Bombay High Court issued a notice directing that all IP related matters seeking ex-parte orders and demanding urgent attention be heard “in chamber.” Mumbai Mirror has reported that the motive behind this move is to ensure that essential information relating to the case does not reach the wrong hands. In-chamber hearing is likely to prevent leak of key information and ensure maintenance of secrecy. This is also expected to be beneficial to the plaintiff at the time of conducting a raid on the premises of the defendant. Cases that are to be heard in-chamber will not be mentioned in open court nor will the cases be displayed on the High Court website. While some IP advocates have welcomed this move, others are of the opinion that it may be misused by many.
In August 2019, Taiwan's IP Court rendered a first-instance judgment holding that a headlight design patented by Daimler AG (for the headlight applied to Mercedes-Benz E-Class (W212)) was infringed by one of Taiwan's most active auto lamp manufacturers. In addition to granting Daimler's permanent injunction claims, the decision awarded Daimler compensatory damages in the amount of NT$30 million. Daimler AG v. DEPO Auto Parts Ind. Co., Ltd., 106 Min Zhuan Su 34, Taiwan's IP Court (August 2019). If this decision, currently appealed to the second-instance level, is eventually upheld by the higher courts, Taiwan's robust auto parts and accessories industry might need to reshape their development strategies, because under this decision the automotive aftermarket in Taiwan is very unlikely to be considered as an independent market to earn broader protection by the Fair Trade Act.
Among the many issues discussed in the more than 100-page judgment, the most intensely debated one is whether Daimler violated Taiwan's anti-trust regulations (mainly stipulated in the Fair Trade Act) for denying the defendant's request for license of the disputed design patent. Specifically, the judgment addressed two questions. First, under what conditions can we deem a patentee's refusal to deal as an act that unlawfully constrains competition? Second, under what conditions can we deem an original car manufacturer as having the dominant power in the automotive aftermarket (also called secondary market), especially the aftermarket pertaining to manufacturing and retailing of auto parts?
[...]
Another point worth noting is that Daimler was accused of breaching a commitment it made in 2003. The defendant asserted that, during the course of public deliberation for a then proposed amendment to Germany's Act on the Legal Protection of Designs, Daimler "promised not to apply the Act to compete for market share with independent factories and independent parts traders." The reported decision did not side with the defendant, and the judge's analyses are equally thought-provoking. However, as that issue is of little relevance to Taiwan's IP laws or antitrust law, we will not delve into the details here.
Disney's exclusive streaming service launched in three countries this week. While many new subscribers flocked to the Disney+ platform, others went to pirate sites instead. For some, this is the only way to watch the highly anticipated Mandalorian series. To Disney this shouldn't come as a surprise and the company immediately tried to contain the damage by issuing takedown requests.
In March 2019, the European Parliament adopted the new Copyright Directive, including the widely opposed Article 13 (later renumbered to Article 17). Alongside fears that broad filtering will take place in the absence of official licensing on platforms like YouTube, more than 50 EU academics have now published advice aimed at limiting negative impact on end users.
Omniverse, a now-defunct supplier of IPTV streams, has agreed to pay $50 million in piracy damages to several Hollywood studios. Omniverse initially described the piracy allegations as "scandalous" but has since stepped back from its claim. Anti-piracy group ACE, which was a driving force behind the lawsuit, is pleased with yet another legal victory.