NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX


LinuxSecurity - Security Advisories



  • Debian: DSA-4487-1: neovim security update
    User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:


  • Debian LTS: DLA-1863-1: linux-4.9 security update
    Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.










LWN.net

  • [$] Accessing zoned block devices with zonefs
    Zoned block devices are quite different than the block devices most people are used to. The concept came from shingled magnetic recording (SMR) devices, which allow much higher density storage, but that extra capacity comes with a price: less flexibility. Zoned devices have regions (zones) that can only be written sequentially; there is no random access for writes to those zones. Linux already supports these devices, and filesystems are adding support as well, but some applications may want a simpler, more straightforward interface; that's what a new filesystem, zonefs, is targeting.


  • Security updates for Tuesday
    Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3).


  • [$] 5.3 Merge window, part 2
    At the end of the 5.3 merge window, 12,608 non-merge changesets had been pulled into the mainline repository. Nearly 6,000 of those were pulled after the first-half summary was written. As expected, there was still a lot of material yet to be merged for this development cycle.


  • Security updates for Monday
    Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).


  • Kernel prepatch 5.3-rc1
    Linus has released 5.3-rc1 and closed the merge window for this development cycle. "Anyway, despite the rocky start, and the big size, things mostly smoothed out towards the end of the merge window. And there's a lot to like in 5.3".



  • [$] Improving communities through documentation
    Documentation, said Riona MacNamara at the beginning of her Open Source Summit Japan 2019 talk, is the superpower that we can use to energize users and developers; it is an important part of the creation of a vibrant and inclusive community. While there are a number of roadblocks that can impede participation in a development community, many of those can be addressed with better documentation. The talk was a call for all projects to think about what they are trying to accomplish and to ensure that their documentation is helping to get there.


  • Security updates for Friday
    Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).


  • Cook: security things in Linux v5.2
    Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator freelists have been randomized for a while now, the overarching page allocator itself wasn’t. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."


  • [$] Kernel analysis with bpftrace
    At the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) Brendan Gregg gave a keynote on BPF observability that included a kernel issue he had debugged on Netflix production servers using bpftrace. In this article, he provides a crash course on bpftrace for kernel developers—to help them more easily analyze their code.
    Subscribers can read on for a look at kernel analysis using bpftrace from the upcoming weekly edition.


  • Security updates for Thursday
    Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).



  • [$] What's coming in Python 3.8
    The Python 3.8 beta cycle is already underway, with Python 3.8.0b1 released on June 4, followed by the second beta on July 4. That means that Python 3.8 is feature complete at this point, which makes it a good time to see what will be part of it when the final release is made. That is currently scheduled for October, so users don't have that long to wait to start using those new features.


  • [$] Fedora, GNOME Software, and snap
    A question about the future of package distribution is at the heart of a disagreement about the snap plugin for the GNOME Software application in Fedora. In a Fedora devel mailing list thread, Richard Hughes raised multiple issues about the plugin and the direction that he sees Canonical taking with snaps for Ubuntu. He plans to remove support for the plugin for GNOME Software in Fedora 31.


  • Security updates for Wednesday
    Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).



LXer Linux News

  • How to Install Bludit CMS with NGINX on Fedora 30
    Bludit is a simple, fast, secure, flat-file CMS that allows you to create your own website or blog in seconds. In this tutorial, we will go through the Bludit CMS installation and setup on Fedora 30 system by using NGINX as a web server.


  • The best Kde package manager that can replace Synaptic
    In Linux you need an advanced package manager to: Manage applications and libraries installed on your system to the package level. Search, install and remove packages and inspect their versions and their dependencies. In Debian-based distributions (Debian, Ubuntu, Linux Mint ...), I installed Synaptic, which is a GTK-based app that does the job, but it looks ugly on KDE, so I searched for a Qt-based alternative and finally found a great tool.


  • Quick Change in CEOs at SUSE Linux
    The company behind SUSE Linux Enterprise Server and related software suddenly announced a new CEO, just months after becoming independent.


  • Install WordPress with Docker Compose using Nginx
    Install WordPress with Docker Compose using Nginx, PHP7.2-FPM. In this article you are going to learn how to install and configure WordPress with Nginx, PHP-FPM with Docker, Docker Compose and connect to remote MySQL database. We will also install PhpMyAdmin and connect it with Cloud SQL




  • What Does It Take to Make a Kernel?
    The kernel this. The kernel that. People often refer to one operating system's kernel or another without truly knowing what it does or how it works or what it takes to make one. What does it take to write a custom (and non-Linux) kernel?






  • Monitoring Linux Logs with Kibana and Rsyslog
    If you are a system administrator, or even a curious application developer, there is a high chance that you are regularly digging into your logs to find precious information in them. In this tutorial, we are to build a complete log monitoring pipeline using the ELK stack (ElasticSearch, Logstash and Kibana) and Rsyslog as a powerful syslog server.



  • How To Create and List Local and Remote Git Branches
    Branches are part of the software development process and one of the most powerful features in Git. Branches are essentially pointers to a certain commit. When fixing a bug or working on a new feature, developers are creating a new branch which later can be merged into the main codebase.





  • GRUB Configuration
    The GRand Unified Bootloader (GRUB) is used by systems to take control after the system BIOS is completed. GRUB may then show a menu to allow a user to choose from multiple Operating Systems (OS) or kernels of a specific OS.


  • Contribute at the Fedora Test Week for kernel 5.2
    The kernel team is working on final integration for kernel 5.1. This version was just recently released, and will arrive soon in Fedora. This version has many security fixes included. As a result, the Fedora kernel and QA teams have organized a test week from Monday, Jul 22, 2019 through Monday, Jul 29, 2019. Refer […]


  • System administrator responsibilities: 9 critical tasks
    System administrators are critical to the reliable and successful operation of an organization and its network operations center and data center. A sysadmin must have expertise with the system's underlying platform (i.e., Windows, Linux) as well as be familiar with multiple areas including networking, backup, data restoration, IT security, database operations, middleware basics, load balancing, and more. Sysadmin tasks are not limited to server management, maintenance, and repair, but also any functions that support a smoothly running production environment with minimal (or no) complaints from customers and end users.


LinuxInsider (http://www.linuxinsider.com, Copyright 2019)

  • Neon: A Wannabe Linux Distro For KDE Lovers
    KDE Neon is a bit of an oddball Linux thing. Linuxland has an impressive collection of oddball things. Neon looks and feels much like a Linux distribution, but its developers assert quite openly on their website that Neon is not a real Linux distro. It just installs and functions like one -- sort of. That can make deciding to use it a little confusing.


  • Code Cracker Turing to Be on 50-Quid Notes
    Alan Turing, the British mathematician known for his World War II code-breaking exploits and for a test to distinguish between human and machine intelligence, will be on 50-pound notes in the UK by the end of 2021. The Bank of England, which made the announcement, explained that Turing, who died in 1954, was chosen from a field of 989 eligible characters after a public nomination period.


  • Social Media, Crafters, Gamers and the Online Censorship Debate
    Ravelry, an online knitting community that has more than 8 million members, last month announced that it would ban forum posts, projects, patterns and even profiles from users who supported President Trump or his administration. "We cannot provide a space that is inclusive of all and also allow support for open white supremacy," the administrators of Ravelry posted on the site.


  • Debian Linux 10 'Buster' Places Stability Ahead of Excitement
    After 25 months of development, the makers of the granddaddy of the Linux OSes released an upgrade that updates many of the software packages and plays general catch-up with modern Linux trends. However, Debian Linux 10 Buster is a boring upgrade. It does little to draw attention to its merits. For serious Linux users, though, boring can be endearing.


  • The Router's Obstacle-Strewn Route to Home IoT Security
    It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.


  • Mageia 7 Pushes Linux Desktop Boundaries
    Mageia 7 redefines the concept of traditional Linux. It is a solid operating system well suited to both newcomers and seasoned Linux users alike. The Mageia distro is a powerhouse Linux OS filled with features and options unmatched in other Linux versions. Mageia Linux is a fork of the now-defunct Mandriva Linux. The first Mageia version was released in September 2010.


  • Can You Hear Me Now? Staying Connected During a Cybersecurity Incident
    While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing a risky situation to persist longer than it needs to.


  • Escuelas Linux Is Much More Than an Enlightened Linux Retread
    Escuelas Linux caught me by surprise. This Linux distro is a prime example of how a programmer can take an open source operating system that matches his own developmental strategy and turn it into a much different product with an identical look and feel. What makes the surprise so appealing is how effectively one distro becomes another while both continue to coexist equally.


  • Next-Gen Raspberry Pi 4 Packs Power Plus Potential
    The next big Raspberry Pi thing is now here, with lots more computing power and more options. The Raspberry Pi Foundation has announced the availability of Raspberry Pi 4, a comprehensive upgrade that touches nearly every element of the computing platform. Users have a choice of three memory capacities. The entry-level 1 GB RAM retains the signature $35 price; 2 GB costs $45; 4 GB sells for $55.


  • With Regolith, i3 Tiling Window Management Is Awesome, Strange and Easy
    Regolith Linux brings together three unusual computing components that make traipsing into the i3 tiling window manager world out-of-the-box easy. Much of the focus and attraction -- as well as confusion -- for newcomers to the Linux OS is the variety of desktop environments available. Some Linux distributions offer a range of desktop types. Others come only with a choice of one desktop. i3 provides yet another option.


  • Firefox Users Warned to Patch Critical Flaw
    Firefox users should update their browsers immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk. Mozilla issued a patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15. Mozilla's fix came after Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.


  • In Zuck We Trust: Facebook to Launch Own Cryptocurrency
    Facebook's plans to mint its own digital coin will test the company's consumer credibility. After being savaged for months for its cavalier attitude toward users' privacy, the social network will be asking those same users to trust its new cryptocurrency. The currency, called "Libra," will be stashed in a digital wallet, the first product of new Facebook financial services subsidiary Calibra.


  • Enso OS Makes Xfce Elementary
    Sometimes new Linux distros still in beta can offer pleasant surprises with a key feature not available elsewhere. Check out Enso OS for a prime example. Enso OS is a relatively new Linux distribution that debuted a couple of years ago. It is a custom build of Xubuntu 18.04 and features the Xfce desktop combined with Gala, a Mutter-based window/compositing manager.


  • How to Sync Google Drive on Linux
    Two of the more commonly used cloud storage services for personal use are Google Drive and Dropbox. Both cloud services are simple to set up and use reliably. Either one can be a suitable choice for storing personal files using free or paid plans. That said, Google Drive requires a manual overhead to manage files through its Web browser-only interface.


  • MX Linux Reinvents Computer Use
    MX Linux is a blend of mostly old and some new things, resulting in an appealing midweight Linux OS. The midweight category is a bit unusual. Desktop environments that run well on minimal hardware typically fall into the lightweight category. Lightweight environments like Xfce, LXDE/LXQt, Enlightenment and iceWM often are paired with software applications that do not tax system resources.


  • Deepin Linux: Security Threat or Safe to Use?
    Open source operating systems in general are less worrisome because their code is open to inspection by anyone with the skills to understand it. Does that mean Linux computing platforms from nongovernmental sources in politically tense countries are equally worry-free? At least one situation has brought FOSS' safe-to-use reputation into question, and it involved the Deepin Linux distribution.



Slashdot

  • A New Report Documents Two Years of Science Being Scrubbed From .Gov Sites
    An anonymous reader quotes a report from Motherboard: A report published by the Environmental Data & Governance Initiative (EDGI) on Monday found that language related to climate change has disappeared at an alarming pace since Trump took office in 2016. Across 5,301 pages -- ranging from websites belonging to the Environmental Protection Agency (EPA) to the U.S. Geological Survey (USGS) -- the use of the terms "climate change," "clean energy," and "adaptation" plummeted by 26 percent between 2016 and 2018. Of the pages where "climate change" was stricken, more than half belong to the EPA. The EPA homepage was the 1,750th most-visited website in the U.S. in early 2019, according to the report, giving it more reach than Whitehouse.gov. But "unlike the much-discussed White House effort to question climate change findings, website changes go unannounced and are often beyond immediate public recognition," the report argues. "They insidiously undermine publicly-funded infrastructure for knowledge dissemination."   According to the report, clear scientific terminology on government websites was often replaced with politicized language such as "energy independence," a buzzword ripped directly from Trump's "America First Energy Plan" which demands an increase in fossil fuel production. The watchdog also found evidence of "diminished connections" between climate change and its effects on government websites, or quite literally, the breaking of links between public information about the topic.
            



  • IBM Gives Cancer-Killing Drug AI Project To the Open Source Community
    IBM has released three artificial intelligence (AI) projects tailored to take on the challenge of curing cancer to the open-source community. ZDNet reports: The first project, dubbed PaccMann -- not to be confused with the popular Pac-Man computer game -- is described as the "Prediction of anticancer compound sensitivity with Multi-modal attention-based neural networks." IBM is working on the PaccMann algorithm to automatically analyze chemical compounds and predict which are the most likely to fight cancer strains, which could potentially streamline this process. The ML algorithm exploits data on gene expression as well as the molecular structures of chemical compounds. IBM says that by identifying potential anti-cancer compounds earlier, this can cut the costs associated with drug development.   The second project is called "Interaction Network infErence from vectoR representATions of words," otherwise known as INtERAcT. This tool is a particularly interesting one given its automatic extraction of data from valuable scientific papers related to our understanding of cancer. INtERAcT aims to make the academic side of research less of a burden by automatically extracting information from these papers. At the moment, the tool is being tested on extracting data related to protein-protein interactions -- an area of study which has been marked as a potential cause of the disruption of biological processes in diseases including cancer.   The third and final project is "pathway-induced multiple kernel learning," or PIMKL. This algorithm utilizes datasets describing what we currently know when it comes to molecular interactions in order to predict the progression of cancer and potential relapses in patients. PIMKL uses what is known as multiple kernel learning to identify molecular pathways crucial for categorizing patients, giving healthcare professionals an opportunity to individualize and tailor treatment plans.
            



  • UPS Is Launching a Drone Delivery Service In the US
    The United Parcel Service (UPS) announced it has submitted an application to the FAA to operate commercial delivery drones in the U.S., through a new subsidiary called UPS Flight Forward. Quartz reports: The company has been working closely with the FAA over the last year; in 2018, the agency launched a program to test out drones in a range of autonomous flying situations, and UPS was one of the accepted applicants. It's been couriering lab samples around the WakeMed hospital campus in Raleigh, North Carolina, in partnership with the drone startup Matternet. Bala Ganesh, head of UPS's advanced technology group, says that once the FAA has certified the new company, it plans to build upon the work it's been doing in healthcare deliveries.   UPS is hoping to get its certification later this year, at which point Ganesh says the company will expand its drone activities in three ways. First, it wants to replicate the work it's done at WakeMed at other large medical facilities that need lab work ferried around as quickly as possible. It then wants to begin flying farther, using autonomous drones to potentially fly between five and ten miles from their point of origin. (Right now, most drone operations in the US need to be conducted within the line of sight of a pilot.) After that's been mastered, UPS wants to fly its drones at night. UPS doesn't plan, at least for the near future, to offer drone deliveries to regular customers, so don't expect to be getting your next online order delivered to your house by drone. For now, it's concentrating on small payloads for healthcare
            



  • Air Travelers May Have To Pay Carbon Charge To Offset Emissions
    Air passengers may have to pay an extra "carbon charge" on flights as part of a UK government initiative to reduce CO2 emissions and tackle the climate crisis. From a report: Passengers could choose to pay more for travel tickets, which would then be used to offset greenhouse gas emissions. Or the scheme could work on an "opt-out" basis and also be applied to trains, buses and ferries. Ministers hope the plans will raise awareness about the effects of public transport on the environment. The extra funds could be used to spearhead eco-friendly projects such as planting trees to reduce the carbon footprint. The government said it hoped the initiative would "drive consumer choices towards less polluting journey options."   However, the transport secretary, Chris Grayling, has launched a call for evidence on offsetting carbon emissions produced by public transport. In addition, the government has expressed concerns consumers may not trust that their payments are supporting worthwhile causes. Grayling said on Thursday: "Climate change affects every one of us and we are committed to ensuring that transport plays its part in delivering net zero greenhouse gas emissions by 2050."
            



  • Ford Teases All-Electric F-150 Pickup Truck By Pulling a Million-Pound Train
    An anonymous reader quotes a report from The Verge: In 2017, Ford announced that it would sell an all-electric version of its best-selling F-150 pickup truck. It plans to start selling a hybrid version in 2020, and as a way to start priming the pump (or plug, as it were) for a vehicle that will no doubt be a very big deal, the company released a video Tuesday demonstrating the electric truck's remarkable towing capacity. The electric prototype is seen pulling 10 double-decker rail cars over 1,000 feet. It does it once when the rail cars are empty and a second time with them loaded with 42 regular, gas-burning F-150s. The latter stunt puts the entire load at 1.25 million pounds, according to Linda Zhang, chief engineer on the electric truck project. In the fine print, Ford describes the towing stunt as a "one-time short event demonstration" and claims it is "far beyond any production truck's published capacity." Right now, Tesla holds the record for pulling the heaviest load, when a Model X towed a 287,000-pound Boeing 787-9 Dreamliner nearly 1,000 feet on a taxiway at the Melbourne Airport in Australia last year. In June, Elon Musk teased Tesla's upcoming Pickup truck and took a swipe at Ford and other truck companies, saying: "It's going to be a truck that is more capable than other trucks. The goal is to be a better truck than a [Ford] F-150 in terms of truck-like functionality and be a better sports car than a standard [Porsche] 911. That's the aspiration."   He also said in a tweet that the towing capacity would be 300,000 pounds.
            



  • Ask Slashdot: Why Does Suicide Seem To Be More Common Among Tech Workers?
    tripleevenfall writes: At numerous points during my career in the tech industry, my workplaces have been affected by the suicide of an employee. Usually beginning with the receipt of a vague email that management has been "saddened" that someone had "passed away" recently, the truth soon becomes known and the questions begin circulating again. Why does suicide seem to be more common among tech workers? Is it due to lifestyle choices commonly associated with tech workers that lead to isolation? Are the personality types that choose tech work more prone to mental illnesses?
            



  • Facial Recognition May Be Banned From Public Housing Thanks To Proposed Law
    Lawmakers in Congress are expected to introduce landmark legislation this week that will ban facial recognition technology from public housing. Called the No Biometric Barriers to Housing Act, the proposed bill would prohibit housing units that receive funding from the Department of Housing and Urban Development from using technology like facial recognition. It would also require HUD to submit a report on facial recognition, detailing its impact on public housing units and their tenants. CNET reports: This would be the first federal bill that looks at what technology landlords can impose on tenants. While the law would only affect HUD housing, it could raise awareness for a broader set of landlords and tenants, and it comes as people are increasingly questioning the threats to privacy that stem from facial recognition. The only other federal bill on facial recognition is the Commercial Facial Recognition Privacy Act, introduced in March by Sens. Roy Blunt, a Republican from Missouri, and Brian Schatz, a Democrat from Hawaii. There also aren't any laws on technology that landlords can impose on tenants. More than 20,000 homes in the last two years have been converted into smart homes by landlords, even as tenants complain about privacy concerns and issues with faulty locks.
            



  • Dropbox Irks Mac Users With Annoying Dock Icon, Offers Clueless Support
    An anonymous reader quotes a report from Ars Technica: Dropbox now opens a new file browser and an associated Dock icon every time it starts, even if you don't want it to. If you're not familiar with Macs, the Dock is the line of applications on the bottom of the screen (or the side, if you've moved it in the settings) and serves the same function as the Windows Taskbar. If my computer restarts or if Dropbox restarts, the new Dropbox window that I don't want pops up in the Dock. This isn't a huge deal, as I can quit Dropbox's new file browser and get rid of that Dock icon each time my computer starts up. I'm not going to stop using Dropbox -- I've been paying the company $138 a year for 2TB of storage and for 12 months' worth of file history, which saves all deleted files and revisions to files. (It's going up to $158 next time I get billed, in February.) It's worth it to me because Dropbox still works great, while the alternatives have always been unreliable or disappointing in other ways when I've tried them. I'll get into that more later in this article.   But the Dock icon and window is a major change in how Dropbox presents itself to users. Dropbox has always been the kind of application that is there when you need it and gets out of the way when you don't. Dropbox's syncing and file-sharing features are integrated with the Finder (the Mac file manager), and there's a little icon in the Mac's Menu Bar at the top of the screen for when you need to change a setting. But now, Dropbox wants to be front and center at all times. The company built its own file browser to replace what's already available in the Mac Finder, and it opens that new file manager every time Dropbox starts. We wrote about it last week when Dropbox started rolling it out to more users. I've had it for more than a month since I somehow ended up in Dropbox's Early Access program. 
    Ars' Jon Brodkin, the author of the article, also discovered that "there are numerous Dropbox support employees who apparently have never used their company's Mac application and do not understand how it works." Specifically, the employees Brodkin talked to didn't know "that it's possible for Mac applications to run without a Dock icon even though that's exactly how Dropbox worked for a decade... And they've been giving bad advice to users who want to change back to the old way of doing things."
            



  • BMW To Treat Apple CarPlay as a Subscription Service and Charge Customers an Annual Fee
    BMW will turn Apple CarPlay into a subscription service beginning with its 2019-model-year vehicles. From a report: The German automaker currently charges a one-time $300 to add Apple CarPlay capability to navigation-equipped BMW models. Going forward, though, navigation-equipped BMWs will come with CarPlay at no charge for one year. Following that first year, customers will need to pay an annual fee of $80 to maintain the relationship between their Apple device and their BMW's infotainment system. BMWs currently are not compatible with Android Auto, although the company did announce its plans to integrate Google Assistant and Amazon Alexa services into its vehicles. [...] Regardless, BMW's decision to charge a yearly fee for CarPlay is contrary to industry norms, as all other automakers include the service as a standard or optional feature that spans the life of the vehicle, similar to a sunroof or AM/FM radio. We'll see if other manufacturers follow BMW's lead in the future or whether the market will force the automaker to fall back into line and provide it at no extra cost.
            



  • Justice Department To Open Broad, New Antitrust Review of Big Tech Companies
    schwit1 shares a report from The Wall Street Journal: The Justice Department is opening a broad antitrust review into whether dominant technology firms are unlawfully stifling competition (Warning: source paywalled; alternative source), according to department officials, adding a new Washington threat for companies such as Facebook, Google, Amazon and Apple. The review is geared toward examining the practices of online platforms that dominate internet search, social media and retail services, the officials said.   The new antitrust inquiry is the strongest signal yet of Attorney General William Barr's deep interest in the tech sector, and it could ratchet up the already considerable regulatory pressures facing the top U.S. tech firms. The review is designed to go above and beyond recent plans for scrutinizing the tech sector that were crafted by the department and the Federal Trade Commission. Justice Department officials said they would use the new antitrust review to seek extensive input and information from industry participants, and eventually from the dominant tech firms themselves. It isn't yet known whether much of the information-gathering will be done on a voluntary basis or if companies eventually could be compelled by the government to turn over materials. "There is no defined end-goal yet for the Big Tech review other than to understand whether there are antitrust problems that need addressing, but a broad range of options are on the table," the report adds. "The department's inquiry could eventually lead to more focused investigations of specific company conduct."
            



  • Airlines Are Finally Fixing the Middle Seat
    An anonymous reader shares a report: "There's no justice in air travel," an airline industry insider once told me. A third of passengers on planes get stuck with a middle seat, getting smushed for hours at a time in a chair that costs exactly the same ticket price as a window or aisle. That just stinks. But what if we could rethink the middle seat to be more comfortable? In 2017, we wrote about a landmark airplane seat called the S1. Its design is unique in that it staggers the typical three-seat arrangement, so that middle-seat passengers sit slightly behind others in their row. Last month, the S1 received FAA approval to be installed on planes; an undisclosed U.S. airline will be putting them on 50 planes by the end of 2020.   The S1 has been in development for five years, and the team behind it at Molon Labe Seating is a mere six people, including sales and operations staff. Designed for commuter flights of only a few hours max, the S1 moves the middle seat a few inches lower than, and back from, the aisle and window seat. It also widens the seat by about three inches. This allows your arms, shoulders, thighs, and elbows to spread just a bit more than they otherwise could, without giving the seat more legroom or reducing a plane's seating capacity (which translates to profit margins for airlines). "We have discovered that what looks like a small stagger actually makes a huge difference. The trick is to actually sit in the seat. In fact our main sales tool is to ship seats to airlines so they can sit in them," says Molon Labe founder Hank Scott. "I have watched this several times -- airline executives see the seat, nod their head and then say they get it. Then we ask them to actually sit down, next to a big fella like our head sales guy Thomas [6-foot-6, 250 pounds]. Within a few seconds they [really] get it -- they stop being an airline executive and switch into passenger modes."
            



  • Facebook Deceived Users About the Way It Used Phone Numbers, Facial Recognition, FTC To Allege in Complaint
    The Federal Trade Commission plans to allege that Facebook misled users about its handling of their phone numbers as part of a wide-ranging complaint that accompanies a settlement ending the government's privacy probe, Washington Post reported Tuesday, citing two people familiar with the matter. From the report: In the complaint, which has not yet been released, federal regulators take issue with Facebook's earlier implementation of a security feature called two-factor authentication. It allows users to request a one-time password, sent by text message, each time they log onto the social-networking site. But some advertisers managed to target Facebook users who uploaded those contact details, perhaps without the full knowledge of those who provided them, the two sources said. The misuse of the phone numbers was first identified in media reports and by academics last year [PDF]. The FTC also plans to allege that Facebook had provided insufficient information to users -- roughly 30 million -- about their ability to turn off a tool that would identify and offer tag suggestions for photos, the sources added. The sources spoke on the condition of anonymity. The facial recognition issue appears to have first been publicized earlier this year by Consumer Reports.
            



  • Widespread Blackouts in Venezuela Could Be New Normal, Experts Warn
    Widespread electricity outages could become the new normal in Venezuela, experts have warned, as the country struggled to restore power after a massive blackout that left millions without power or access to the internet. From a report: The energy minister, Freddy Brito, said on Tuesday morning that power had been restored in Caracas and at least five states after the outage which the government blamed on an "electromagnetic attack" at hydroelectric dams in the south of the country. About 80% of Venezuela's grid is served by hydropower. But energy analysts were deeply suspicious of government claims, arguing instead that years of corruption and mismanagement have eroded Venezuela's energy capacity. "This blackout is the result of negligent mis-operation of the power grid," said Jose Aguilar, a Venezuelan energy and risk consultant based in the US. "These will keep happening and it will get worse before it gets better."   Other analysts express similar incredulity. "It's hard to believe that it was an electromagnetic attack, when you've seen years of theft and corruption in the energy sector," said Geoff Ramsey, an analyst at the Washington Office on Latin America. "This blackout shows government doesn't have the tools to return to normalcy." Some supporters of Nicolas Maduro have claimed that US sanctions aimed at Venezuela's oil industry have hampered his government's ability to keep the lights on, but many of those sanctions target individuals accused of corruption.
            



  • Apple Dominates App Store Search Results, Thwarting Competitors
    Apple's mobile apps routinely appear first in search results ahead of competitors in its App Store, a powerful advantage that skirts some of the company's rules on such rankings, according to a Wall Street Journal analysis. From the report: The company's apps ranked first in more than 60% of basic searches, such as for "maps," [Editor's note: the link may be paywalled; alternative source] the analysis showed. Apple apps that generate revenue through subscriptions or sales, like Music or Books, showed up first in 95% of searches related to those apps. This dominance gives the company an upper hand in a marketplace that generates $50 billion in annual spending. Services revenue linked to the performance of apps is at the center of Apple's strategy to diversify its profits as iPhone sales wane. While many of Apple's products are undoubtedly popular, they are held to a different standard by the App Store. Apple tells developers that downloads, user reviews and ratings are factors that influence search results. Yet more than two dozen of Apple's apps come pre-installed on iPhones and are shielded from reviews and ratings.   [...] Audiobooks.com, an RBmedia company, largely held the No. 1 ranking in "audiobooks" searches in the App Store for nearly two years. Then last September it was unseated by Apple Books. The Apple app had only recently begun marketing audiobooks directly for the first time. "It was literally overnight," said Ian Small, Audiobooks.com's general manager. He said the change triggered a 25% decline in Audiobooks.com's daily app downloads. [...] Apple's role as both the creator of the App Store's search engine and the beneficiary of its results has rankled developers. They contend Apple is essentially pinning its apps No. 1, compelling anyone seeking alternatives to consider Apple apps first. [...] Phillip Shoemaker, who led the App Store review process until 2016, said Apple executives were aware of Podcasts' poor ratings. 
Around 2015, his team proposed to senior executives that it purge all apps rated lower than two stars to ensure overall quality. "That would kill our Podcasts app," an Apple executive said, according to Mr. Shoemaker, who has advised some independent apps on the App Store review process since leaving Apple. The proposal was eventually rejected, Mr. Shoemaker said.
            



  • LinkedIn Is Migrating To Microsoft Azure
    An anonymous reader writes: LinkedIn today announced it is swapping out its data centers for the public cloud. The Microsoft-owned company is moving its infrastructure to Azure as part of a multi-year migration. VentureBeat sat down with Mohak Shroff, LinkedIn's SVP of engineering, to discuss one of the biggest technological transformations in the company's history. LinkedIn plans to migrate its 645 million members over several years so as not to compromise the site's accessibility, reliability, and performance. "We think probably at least three years till we're done, possibly longer than that," Shroff confirmed. "It will be a gradual migration. We'll see increasing workloads on Azure over time, with a pretty significant inflection point, about a year and a half, two years out from now. And then kind of an accelerated migration post that."
            



The Register









  • Lancaster Uni data breach hits at least 12,500 wannabe students
    Must have been the cyber security course's day off
    Lancaster University - which offers a GCHQ-accredited degree in security - has been struck by a "sophisticated and malicious phishing attack" that resulted in the leak of around 12,500 wannabe students' personal data.…






  • How does UK.gov fsck up IT projects? Let us count the ways
    Report suggests outsourced project management, new committee and more
    A report from right-wing think tank Freer has estimated failed government projects in the last few years have created delays totalling 34 years and wasted an eye-watering £7.5bn.…

Linux.com offline for now

Phoronix

  • RADV's Navi Support Gets Patches For Vulkan Transform Feedback
    The excitement over the open-source AMD Radeon Navi graphics driver support for Linux gamers/users continues. On Tuesday the RADV driver saw support land for binning to boost performance but while Bas was doing that, Samuel Pitoiset of Valve posted patches allowing GFX10/Navi to support Vulkan transform feedback...






  • GCC vs. Clang Compiler Benchmarks On POWER9 With Raptor's Blackbird
    While for Intel x86_64 with the latest compilers it's a very competitive race between LLVM Clang and GCC, how is that battle playing out on the IBM POWER9 front? Using the interesting Raptor Blackbird with IBM POWER9 4-core / 16-thread CPU, here are some recent benchmarks I did between GCC 9, GCC 10, and LLVM Clang 8.



  • GCC 10 Compiler Picks Up New Scheduler Model & Cost Tables For AMD Zen 2 Processors
    While AMD developers published their "Znver2" compiler patches for Zen 2 originally back in November, months ahead of the recent Ryzen 3000 series launch, this compiler support was incomplete as it re-used the existing scheduler model and costs table of Znver1. Now though one of SUSE's compiler experts who often works in cooperation with AMD has published the new Znver2 scheduler model and costs table for Zen 2...








  • 7-Way Linux Distribution Benchmarks For July 2019, Including LTO'ed openSUSE Tumbleweed
    As it's been a few weeks since last hosting any Linux distribution comparison and now with the rolling-release openSUSE Tumbleweed enabling LTO by default, here are some fresh Linux distribution comparison results plus tossing the newly-released Debian 10.0 into the mix as well. This round of testing included Ubuntu 18.04 LTS, Ubuntu 19.04, Fedora Workstation 30, openSUSE Leap 15.1, openSUSE Tumbleweed, Clear Linux 30450, and Debian 10.0.


  • Should Ubuntu Use The BFQ I/O Scheduler?
    The BFQ I/O scheduler is working out fairly well these days as shown in our benchmarks. The Budget Fair Queueing scheduler supports both throughput and low-latency modes while working particularly well for consumer-grade hardware. Should the Ubuntu desktop be using BFQ by default?..



  • GCC 10 Lands OpenRISC Support For Floating Point Instructions
    When it comes to open-source processor ISAs, RISC-V currently captures much of the spotlight but OpenRISC continues chugging along as another open-source CPU architecture. The OpenRISC GCC compiler back-end and other software tooling also continues to move along for this architecture that's been in the works since 2000...


  • Linux 5.2-ck1 Released Along With MuQSS 0.193 Scheduler
    Independent Linux kernel hacker Con Kolivas has released his newest "ck1" patch-set for the recently released Linux 5.2 kernel code-base. Complementing these kernel changes is his primary focus: the MuQSS scheduler that continues to aim for better interactivity and performance on mobile/desktop systems...




  • The New Features & Improvements Of The Linux 5.3 Kernel
    The Linux 5.3 kernel merge window is expected to close today so here is our usual recap of all the changes that made it into the mainline tree over the past two weeks. There are a lot of changes to be excited about from Radeon RX 5700 Navi support to various CPU improvements and ongoing performance work to supporting newer Apple MacBook laptops and Intel Speed Select Technology enablement.


  • Feral's GameMode 1.4 Adds Flatpak Support, Better I/O Optimization Handling
    Feral developers released a new version of their GameMode Linux game performance optimization daemon/client this weekend in order to allow this update to land in the upcoming Fedora Workstation 31. GameMode 1.4 offers up many features including new interfaces for allowing better GNOME integration and thus the Fedora interest in seeing this version in their autumn Linux distribution update...




  • IO_uring Gets A Huge Performance Fix - Up To 755x Improvement
    IO_uring is designed to deliver fast and efficient I/O operations thanks to a re-designed interface introduced in Linux 5.1 with various efficiency improvements compared to the kernel's existing asynchronous I/O code. But it turns out there was a big bottleneck within the current IO_uring code up until now...





  • Systemd Introduces A New & Practical Service For Dealing With PStore
    Adding to the list of new features for systemd 243 is another last-minute addition to this growing init system... Systemd picked up a new service and while some may view it as bloat, it should be quite practical at least for those encountering kernel crashes from time to time...


  • RadeonSI Gallium3D Driver Adds Navi Wave32 Support
    One of the new features to the RDNA architecture with Navi is support for single cycle issue Wave32 execution on SIMD32. Up to now the RadeonSI code was using just Wave64 but now there is support in this AMD open-source Linux OpenGL driver for Wave32...


  • The Arm SoC/Platform Changes Finally Sent In For Linux 5.3: Jetson Nano, New SoCs
    The Arm SoC/platform changes arrived a bit late to the Linux 5.3 merge window ending this weekend. The Arm SoC/platform changes were only sent in on Friday night but include Librem 5 Developer Kit support in terms of the DeviceTree bits as well as improving the NVIDIA Jetson Nano support and various other SoC/platform additions...



Engadget

  • Report: Nintendo will repair Switch Joy-Cons with 'drift' issue for free

    Nintendo has reportedly instructed customer support representatives to offer free repairs for Joy-Cons with "drift" issues. According to an internal memo obtained by facing a class-action lawsuit in the US, accusing the gaming giant of selling Joy-Cons despite knowing that they're defective. The company is being sued for violating California's fraud laws as well as state- and federal-level warranty laws.

    Source: Vice


  • DoorDash CEO announces that now your tips will go to delivery workers

    Earlier this year, news reports exposed that not only did DoorDash (and others, like Instacart) sometimes lower its payout to delivery workers when customers tipped, its payment system didn't make clear that this was happening. Last month it changed payouts to show how much of "Dashers" income came from the company vs. tips, but it still used customer tips to account for some of the guaranteed fee it would otherwise pay for a delivery, instead of simply adding them on to an already set rate.

    Tonight, after a July 24, 2019

    4/ Going forward, we're changing our model - the new model will ensure that Dashers' earnings will increase by the exact amount a customer tips on every order. We'll have specific details in the coming days.
    — Tony Xu (@t_xu) July 24, 2019
    Source: Tony Xu (Twitter)


  • Study finds changes in Cuban diplomats' brains, but no sign of attack

    Scientists are still unsure of why a group of US diplomats in Cuba experienced mysterious neurological symptoms, but they're still looking for answers. A new study published today in JAMA by the University of Pennsylvania reveals that brain changes were found in US government officials who were stationed in Havana. But there's still no proof to the theory that the diplomats were attacked by a sonic weapon.

    The study performed advanced brain imaging on 40 government personnel who were stationed in Cuba. A group of 48 healthy patients were used as a control. Compared to the control group, the brains of the Cuba patients showed distinct differences in brain volume and connectivity. There was reduced white matter in the affected patients. Changes in tissue volume particularly impacted the cerebellum -- the region of the brain responsible for executive functioning.

    "The areas implicated in the patients' brains, namely the cerebellum as well as the visuospatial and auditory networks, align with the neurological symptoms that were observed in the patients," said lead author Ragini Verma, PhD, professor of radiology and head of the imaging lab at the University of Pennsylvania. Verma said the changes were evident even after scientists excluded the results of patients with a history of brain injuries.

    Still, outside scientists cast doubt on the study, arguing that its techniques are far from iron-clad. First off, the imaging methods used on the patients aren't meant to find disease, neuroscientist Douglas Fields told Gizmodo. In an editor's note, JAMA senior editor Christopher Muth and executive editor Phil Fontanarosa admitted that the paper didn't provide clear proof of impairment. "However, despite the differences in advanced neuroimaging metrics between patients and controls reported in this study, the clinical relevance of these differences is uncertain, and the exact nature of any potential exposure and the underlying etiology of the patients' symptoms still remain unclear," they wrote.

    The study is a follow-up to a smaller trial the team performed back in 2016 with a group of 20 diplomats, which concluded that there were signs of neurological injury. That work was met with some backlash from the rest of the scientific community. Three years later, it appears that the mystery of Havana Syndrome still hasn't been solved. But given how tricky investigating the phenomenon has been for scientists, it's probably best for the average person to avoid jumping to unlikely conclusions.



    Via: Gizmodo

    Source: JAMA



  • Pizza Hut tests Amazon Locker-style 'cubbies' for carryout orders

    It's not always as quick as you might like to pick up a pizza on the way home, but Pizza Hut might have a solution: borrow a page from the online shopping world. Its Hollywood restaurant (6660 Sunset Boulevard) has started testing Amazon Locker-like "cubbies" for carryout orders purchased through any method. Each cubby includes a display that shows your partial name as well as a lining that keeps your food hot and your drinks cold. You won't have to wait for someone at the counter -- once you've paid, you just double-tap the screen and grab your meal.

    And in case you're wondering: the cubby doors remain locked until you're in the store and have paid, so someone won't make off with your Veggie Lover's before you arrive.

    Whatever happens with the pilot program, though, it's just the start. Pizza Hut said it plans more "completely frictionless" locations in other West Coast cities in 2020. Much like its rivals, then, the chain sees a future where you won't have to wait long for dinner (or interact with humans, for that matter) unless you're grabbing a seat. That's not unexpected. Online ordering has made the carryout and delivery processes more important than they used to be, and a speedy pick-up could mean the difference between keeping a customer and losing them to faster-moving competition.


  • Starbucks plans nationwide delivery in the US with Uber Eats

    More Americans will be able to take advantage of on-demand Frappuccinos. Starbucks announced today that it's expanding its partnership with Uber Eats, aiming for nationwide delivery by early 2020. Currently, only 11 cities offer the service: Boston, Chicago, Dallas, Houston, Los Angeles, Miami, New York City, Orange County, San Francisco, Seattle and Washington, DC.

    Delivery coffee may have once been a novel concept, but not anymore. Starbucks first began offering delivery via Uber Eats in 2018 with pilots in Miami and Tokyo. Back in January, the company expanded to London and more US cities. The company already offers delivery in China with Ele.me, an Alibaba-backed platform, and hopes to expand to 3,000 stores across 50 cities by the fall.

    "Partnering with Uber Eats helps us take another step towards bringing Starbucks to customers wherever they are," Starbucks Group President and COO Roz Brewer said in a statement. Major metropolises already have a Starbucks on every corner, but expanding Uber Eats to other regions makes sense. And it's a timely move, given that Uber Eats recently expanded as well. The rideshare giant announced last year that it would offer delivery to more suburban and sparsely populated areas, aiming to reach 70 percent of the US in 2019. The company this month unveiled a pass that offers free Eats deliveries. With such widespread coverage and the lure of free delivery, you'll have no excuse to leave the house.

    Source: Starbucks


  • Justice Department launches sweeping review of competition in tech

    The US is intensifying its already stepped-up scrutiny of the tech industry. The Department of Justice is launching a comprehensive antitrust review of "market-leading online platforms" to see if they're abusing their leading positions. There's no definite goal beyond determining whether or not there are any anti-competitive practices. The review will focus on internet platforms involving search, shopping and social networking, however.

    Officials vowed to "seek redress" if they found any lawbreaking. Wall Street Journal sources claimed that the DOJ wouldn't ignore violations of other laws if discovered during the review.

    The Department didn't name specific targets, but it's not hard to guess which tech giants are likely to come under the crosshairs. Amazon, Apple, Facebook, Google and Microsoft all exert tremendous influences on the internet, even if they don't always have a monopoly in a given area.

    And those companies are likely to be nervous. They've already been asked to testify in front of Congress on competitive issues, and reports have circulated of regulators divvying oversight of Amazon and Google ahead of seemingly likely action. That's not including an imminent Facebook settlement with the FTC. There's a real chance they'll be asked to change their practices or even split into multiple companies.

    You know these firms will put up stiff opposition, too. Apple has already denied that its App Store is a monopoly, and companies like Google have typically argued that you're not locked into using their web services the way you might be with software. They're determined to maintain the status quo, and they know the consequences of losing could be severe.

    Via: New York Times, Wall Street Journal

    Source: Department of Justice


  • Snapchat had more than 200 million daily users last quarter

    Snap appears to be working its way out of a downturn. In the company's Q2 earnings release that just dropped, Snap revealed that it had 203 million daily active Snapchat users in the last quarter, up eight percent year-over-year and seven percent quarter-over-quarter. That came after several quarters of declining users, something that was clearly troubling to investors.

    Not coincidentally, the redesigned Snapchat app that rolled out to all Android users last quarter has made an impact as well. Snap says that users are sending seven percent more Snaps with the new app, though it comes with the confusing caveat that this represents "the majority of Android devices used by new users." Likely, that's an acknowledgement that there are Android users with older devices not running the updated app. Snap also says that new users are more likely to stick with the Snapchat app these days -- the company "saw more than a ten percent increase in the retention rate of people who open Snapchat for the first time."

    As for its financial performance, Snap still isn't profitable -- but it's slowly inching closer to that day. The company pulled in $388 million in revenue, a big 48 percent increase over Q2 one year ago. But the company still lost $255 million in the quarter; that's 28 percent less money than it lost in Q2 2018.

    Somewhat surprisingly, Snap's Discover platform is also getting more engagement than it has in the past. The audience of people watching content on Discover daily grew 35 percent in the last year -- though Snap didn't provide any numbers to quantify how big (or small) that audience is. Total daily time spent watching Discover is also up to the tune of 60 percent year-over-year.

    As for the host of partner-focused announcements Snap made back in April, it's a bit too early for much of them to have come to fruition. But we'll be listening in to today's earnings call to see if CEO Evan Spiegel has any other details to share and we'll update this post with anything we hear.



  • Amazon's 'Homecoming' casts Janelle Monáe as its new lead

    When Amazon Prime Video series Homecoming returns for its second season, it'll have a new star. Actor and musician Janelle Monáe is taking over the lead role from Julia Roberts. She'll play a woman who wakes up in a canoe with no idea how she got there or who she is.

    It's Monáe's first major role in a TV series. Along with her successful music career, she's putting together an impressive screen résumé. She starred in the excellent NASA drama Hidden Figures and Oscar winner Moonlight. Later this year, Monáe will appear in the Harriet Tubman biopic Harriet and a live-action remake of Lady and the Tramp, which'll be a Disney+ exclusive. Homecoming is her second Prime Video project after an episode of the reports, with a bevy of new characters onboard. It remains to be seen how many of the original cast will return to the psychological thriller.

    Source: Deadline


  • Quakecon's Steam sale offers steep discounts on 'Doom' and 'Wolfenstein'

    QuakeCon is right around the corner, and Bethesda is determined to capitalize on the wave of good vibes for id Software's gaming legacy -- including, we'd add, the looming 25th anniversary of Doom II. To that end, it's launching a QuakeCon sale on Steam that runs until July 30th. There are steep discounts on recent id-associated titles like the 2016 VR counterpart are both 75 percent off. And if you haven't played Skyrim by this point, you can snag it or its VR edition at a 67 percent price reduction.

    Yes, Bethesda is laying the groundwork for Steam (1), (2)



  • The Mini SE combines green power with go-kart handling

    The EV market continues to expand, with more automakers releasing more vehicles. At auto shows, the cars of the future are now shown with electric powertrains instead of giant V8 engines. Automakers have also started looking backward for the vehicles of tomorrow. A few years ago, Mini sort of did that. The Mini brand, a subsidiary of BMW, has always had at least one toe in the nostalgia pool. So when the Mini SE appeared, fans of small cars and electrification were excited.

    Fast-forward to the final stage of the Formula-E season in Brooklyn, New York, where Mini put me in one of its preproduction electrified Minis to drive around the track. Notice I didn't say race? That's because we weren't allowed to take the tiny EVs above 50 miles an hour. So my experience with the car is far from definitive, but it was enough to tell everyone: Yeah, it's an electric Mini.

    BMW and Mini have gone to great lengths to convey that the Mini SE is basically a Mini with handling that resembles a go-kart. I'm happy to say they're right. Mostly.

    Around the tight corners of the Formula-E track, I was able to at least get a feeling for the cornering and suspension. For the most part, the SE kept a solid line with very little body roll. But I could feel the additional heft of the battery pack going into a corner. It wasn't overwhelming, but it's there.

    What's interesting is how that battery is placed in the Mini SE. The company replaced the exhaust and created a T-shaped powerpack that resides under the vehicle. By doing this, Mini was able to make an EV from an internal combustion engine (ICE) platform without eating into the storage area.



    Before bringing the Mini SE to the masses, the automaker distributed the Mini-E to test drivers around the world. It was a test fleet to determine just what Mini owners wanted (and didn't want) from a small EV. One of the biggest lessons learned was that filling the cargo space with a battery instead of actual space is not a good idea. So the company went back to the drawing board and shoved the pack underneath the car.

    But while the undercarriage has been modified for the new battery in the EV Mini, the motor is borrowed from another small vehicle in the BMW lineup. But like the pack, it works.

    As much as I could test the acceleration, the SE had the expected punch of torque from the electric motor. Said powerplant is pulled straight from the BMW i3. You know, the little concept bubble car. In my two laps around the track, I didn't really get a chance to put the motor's 181 horsepower and 199 pounds of torque to the test. It did feel zippy up to 45 miles per hour, which is what you expect from a Mini as you cruise around town. The company says it has a zero-to-62 time of 7.3 seconds. So you're not going to be drag-racing Model 3s.

    But that's not really the point of a Mini. Yeah, you could race around in one, but it's built for fun at all speeds. So regardless of how fast I was going (which, again, wasn't that fast), I enjoyed the experience. BMW is hoping that the joy of driving sets the car apart from other EV offerings.



    Because of its small size and the fact that it's built on a gas-car platform, the Mini SE is rated at 146 to 161 miles of range. Those numbers will no doubt go down once the EPA gets a chance to do proper testing. Whatever the outcome, the SE will not compete with the Model 3, Kona EV, Bolt or really anything that's rolling with more than 225 miles of range.

    Its only real competitor is the Volkswagen E-Golf, another transition vehicle that's had an EV powerplant crammed into an ICE platform. The E-Golf is a delight to drive, and I'm expecting once I get some serious time behind the wheel of the Mini SE, I'll probably feel the same way.

    Mini hasn't announced US pricing yet, but don't be surprised to see it in the low-to-mid-$30,000 range. It'll go into production in November of this year and will land in showrooms next year.

    BMW's plan to create modular platforms for its vehicles so that they can be configured as gas-powered, hybrid or electric on the same factory line is trickling down to the Mini brand. It'll be interesting to see what the future holds for the entire BMW lineup once this goes live but especially the Mini.



    Smaller cars really can't compete on range with large sedans and SUVs. So Mini is doing what it does best: going for fun with a hint of nostalgia. And if buyers use the car to just cruise around town and commute, that might be more than enough.

    Images: Sam Cobb on behalf of BMW NA & MINI USA (Non-watermarked images)


  • Alphabet's internet balloons have spent a million hours in the stratosphere

    The fledgling internet balloon industry just marked an important achievement. Alphabet's Loon has recorded over 1 million hours of stratospheric flight for its balloons, covering about 24.9 million miles. The figures aren't completely shocking when they've been pressed into service for hard-hit areas like Puerto Rico and Peru, but it's still significant when the technology only graduated from project status one year earlier.

    The record comes in part through the way the balloons operate. Instead of fighting the wind, they use AI to change their altitude and ride currents to their destination. That leads to routes that can be long and winding, but don't require massive amounts of energy. Loon even encourages its balloons to "stroll" so that they provide more consistent internet access.

    Broadband balloons are still in their early stages and have seen only limited adoption elsewhere. Satellites have been in vogue lately. With that said, the milestone shows that they're viable. It may just be a matter of how widespread their use becomes, rather than whether or not they have a future in the first place.

    Source: Loon (Medium)



  • How to stream college sports without losing your mind

    Thanks to all the services that let you stream live TV, it's easy to watch sports without a commitment to cable. The channel lineups vary, and some are more limited than others. What's more, the television rights for college sports, especially football, are tied to the conference, so you'll need to find out which channels have the deal covering your favorite schools. From there, it's a matter of making sure the service you choose has all the channels you need so you don't miss a game. Lucky for you, we can help.
    A word about college sports TV rights


    Thankfully, there are a lot of college games -- primarily football and basketball -- on major television networks. The downside is most channels require a TV log-in to stream through any apps, even if the game is one of the main networks you can access over the air for free. Of course, if you're a college student, chances are you're using your parents' log-in. Well, at least until you have a place of your own where you have to worry about paying for television. Like other sports, the league negotiates television deals every few years, and in the case of college sports, "the league" is the school's conference.

    Disney has the biggest piece of the pie with the ACC, American, Big 12, Big Ten, BYU, C-USA, Liberty, MAC, Mountain West, Pac-12, SEC and Sun Belt all signed on for games on either ABC or ESPN. CBS has a deal with the SEC, which during football season typically means a 3:30 PM "game of the week" with a marquee matchup. It also has agreements for American, Army, C-USA, MAC and Mountain West. Big 12, Big Ten and Pac-12 also have a deal with Fox, which includes the championship game for the latter two conferences. I'll stop there because it's confusing, and it can be hard to keep up with.

    If your team is in any of these conferences, you'll need to pick a streaming option that, at the least, gives you access to ABC, ESPN and Fox. But you'll probably need even more if you want to catch everything. Otherwise, you'll likely miss some games. To make things more convoluted, Notre Dame is independent for football, so it has a solo deal with NBC, but it's only for home games.

    In fact, most scheduling is done according to the home team. This is easy to follow during the conference schedule, but for any non-conference games, it can be difficult to know where to look. A good rule of thumb is to find the channel that the home team's conference has a TV deal with. If an SEC school is playing at an ACC school, it's a safe bet that game will be on ABC or ESPN. There are also neutral-site games, typically played in NFL stadiums or other venues that aren't on campus. That throws in another wrinkle, but most of the time these matchups are big enough that they'll be on one of the major networks.

    To add further confusion, some conferences have their own networks. The SEC Network and upcoming ACC Network are run by ESPN. Ditto for the University of Texas' Longhorn Network. Fox oversees the Big Ten Network, and the Pac-12 Network is owned (and run) by its member universities. These channels are more supplemental to the major networks and the likes of ESPN. There will be some games on these channels, but the big matchups will be on a major network -- especially during football season. However, if you follow college sports besides football and basketball, you'll want to consider adding them to your streaming budget. The Big Ten Network, for example, shows a lot of wrestling and is typically the place to watch the B1G conference tournament for that particular sport.

    To summarize, since college sports are big money (football and basketball in particular), all the networks want a piece. If you only care to watch your favorite team, you'll need a few channels to keep up with every game. If you're a die-hard fan who likes to watch as much as possible, you'll need several channels for that all-you-can-stream buffet.
    YouTube TV

    YouTube TV for about six months now, and I really like it. The interface is simple and easy to use, and there are a lot of handy features -- especially for sports fans. For starters, you can tell it your favorite teams, and every time they're on TV, the service will record the game for you. Speaking of DVR, that's included for free, and you get unlimited storage space too.

    YouTube TV also allows up to six accounts per household, so you don't have to worry about someone else's sports loyalties popping up in your list. The service will also let you have three streams going simultaneously, just in case your family couldn't care less about 'Bama v. LSU.
    Hulu + Live TV

    Hulu has been making a huge live sports push, especially during the NBA playoffs over the past few months. (I'm sure you saw the commercials at some point.) Hulu covers the major channels you'll need for most of the marquee games, but its full roster isn't as extensive as YouTube TV's. Hulu will recommend games based on your favorite teams, and 50 hours of cloud DVR is included in the monthly fee. If you need more, you can splurge for 200 hours with an extra $15 per month.

    Hulu is a solid option, especially if you subscribe to its on-demand service. And its channel lineup has all you need to follow the more notable games on the big networks.
    Sling TV when it comes to sports. Sling doesn't offer access to ABC or CBS, and Fox and NBC are limited to select markets. This means you'll have to get an antenna to watch these over the air -- something Sling is happy to help with. Given the lack of local/big four networks, it's hard to justify the monthly cost here. Plus, you'll also need Sling Blue and Orange to get everything you need. You only save money on Sling when you can survive with one or the other.

    What's more, in order to get SEC Network, Pac-12 Network, ESPN U and ESPN News, you'll have to pay $10 more per month for the Sports Extra add-on. Cloud DVR will also cost you an additional $5 per month for 50 hours' worth of storage. You can record multiple shows/events at once, though, if that's an attractive consolation prize.
    ESPN+

    Pros: So. Much. Content. And all for $5 per month. Access to conferences for football that might not otherwise be on TV in your area, plus coverage of other college sports is quite comprehensive. There's also MLB, pro soccer, MMA and more. Cons: You won't get the big-name teams when it comes to college football and basketball, but you will get a lot from other conferences. ESPN+ is a stellar supplement for sports fans who want as much action as they can get. The service is loaded with baseball (MLB), soccer (MLS, Serie A, FA Cup), MMA (UFC) events and a whole lot more. And when it comes to college sports, the options are also robust.

    ESPN told Engadget that there will be more than 300 college football games on ESPN+ this season, covering 12 conferences like the Big 12, C-USA, MAC, Sun Belt, WAC and Ivy League. The network also confirmed that all college football games that appear on ESPN+ will also be available for replay on demand. This means if you're a fan of a team that isn't in one of the bigger (read: more popular) conferences, this is likely your best bet for streaming or watching live. There's also a ton of other college sports on the service. I watched a lot of this year's NCAA Baseball Regionals and Super Regionals via ESPN+. You get so much for so little, it's almost silly for a die-hard sports fan not to have this.
    It's game time


    I'm all for cutting the cord, but it's difficult to live without live television if you're a sports fan. Cable companies still have a foothold thanks to sports, but you don't have to saddle yourself with that headache in order to follow your team(s). For that reason, live-TV-streaming services like Hulu and YouTube TV are your best options. If you want to shop around further before you commit, be sure any service you consider offers ABC, CBS, NBC and Fox (local channels) in addition to the likes of ESPN and FS1. The games you want to watch likely won't be on the same channel every week, so you need several channels if you want to save yourself some headaches down the road.

    Images: Jamie Schwaberow via Getty Images (NCAA Basketball National Championship); Associated Press (ECU vs. NC State and Zion Williamson); YouTube (YouTube TV); Hulu (Hulu menu); Sling TV (Sling TV in-use); ESPN (ESPN+ devices)


  • Exploratory adventure 'Vane' is now available on Steam

    Several months after the PS4 launch, the on Steam for $20, with the soundtrack available separately through Steam and Bandcamp for $7. It preserves the exploration-driven gameplay where you shift between bird and child forms to traverse a mysterious world and discover your destiny. The computer version reflects all the PS4 updates so far, including "more forgiving" checkpoints.

    The PS4 version wasn't flawless on launch (the console controls stood some improvement), but the atmospheric, highly stylized experience and the game's pedigree might pull you in. Friend & Foe's team includes developers who've worked on The Last Guardian, Battlefield 3, Killzone and Bionic Commando, and their experience shows. Besides, its more relaxed pace might be a good antithesis to the hectic shooters and sports titles that dominate the modern gaming landscape.


    Source: Steam


  • Lego's treehouse set uses plant-based bricks for the greenery

    Last year, Lego revealed a new type of brick made using a type of polyethylene created with ethanol from sustainably sourced sugarcane. Though it said only a small percentage of total bricks would be made in such a way, it was a major step towards Lego's broader sustainability ambitions. Several sets have included such pieces, though Lego has unveiled perhaps its most ambitious one yet: a Treehouse kit that includes 185 of those pieces.

    All of the tree, leaf and bush elements in Lego sets are now made with the plant-based polyethylene, and there are more here than in any kit to date. Just six percent of the bricks in this set are made that way though: there are 3,036 parts overall. That said, Lego plans to make all its bricks sustainably by 2030.

    The design emerged through the Lego Ideas program, through which enthusiasts can submit their own builds. Kevin Feeser of Nancy, France created the initial design and more than 10,000 Lego community members pledged their support, propelling it towards becoming a certified Lego retail kit.

    One of the neatest aspects of the impressive, 14-inch Treehouse set is that there are two versions of the treetop canopy: green leaves for summer, and yellow and brown for the fall. The set goes on sale for Lego VIPs Wednesday for $199.99/£179.99/€199.99. Everyone else can buy it starting August 1st.

    Via: Kotaku

    Source: Lego


  • Pixelmator Pro update brings full suite of editing tools to Apple Photos

    We've long favored Pixelmator Pro as an effective and affordable alternative to Adobe Photoshop. Now an update to the image editor will make it easier for you to perform advanced visual editing right in Apple Photos. The Pixelmator team unveiled Pixelmator Pro 1.4 Hummingbird today, which includes an extension that brings its entire suite of editing tools to Apple's photo library. Nothing is missing from the extension -- users can perform layer-based edits, edit RAW photos, paint with digital brushes and more.

    Prior to the update, Apple Photos users would have to open an image separately in Pixelmator Pro, make edits and then sync everything back to their main library. Now, any edits made using the extension can be saved directly to Photos. Any layers or nondestructive edits will be automatically saved in an associated Pixelmator Pro document. Using iCloud, files saved to the Apple Photo library will sync across multiple devices. This will be a massive timesaver if you're the type who likes to switch between editing on your iPad and your desktop, or your work and home computer.

    Hummingbird comes with a new Zoom tool, which has a more responsive navigator. An updated Crop tool has a Delete mode and the ability to crop to custom pixel sizes. Also new is the ability to drag and drop layered files directly into existing images, refresh Slice and Paint tool presets and better performance for documents with a large number of layers. Hummingbird also offers templates for all Apple devices -- sure to make life easier if you're designing for Apple Watch or iPad.

    Adobe is expected to release the iPad version of Photoshop sometime this year, but until then, Pixelmator Pro is a worthy alternative. Given the more affordable image editor's improvements, some may even choose not to convert. Existing Pixelmator Pro users can upgrade to Hummingbird for free. New customers can download it from the Mac App Store for $39.99. Pixelmator Pro requires macOS High Sierra and a Metal-compatible graphics card.



    Source: Pixelmator Pro


  • 'Overwatch' newcomer Sigma has abilities that defy gravity

    Blizzard tank roster. The 62-year-old's real name is Siebren de Kuiper, and he's a Dutch astrophysicist and professor.

    He suffered "serious psychological damage" during an experiment gone wrong. Deemed a threat to humanity, Sigma was locked up in a secret government facility before the terrorist group Talon freed him years later and deployed him as a weapon.



    But what of his all-important abilities? As heavily indicated in his origin video, Sigma can harness the power of gravity. With his Hyper Spheres, he can deploy two "gravitic charges" which can bounce off walls and the ground and damage enemies. The Accretion ability allows Sigma to scoop up debris and hurl it towards an opponent to knock them down and backwards.

    Sigma is also able to send out a floating Experimental Barrier wherever he likes, including at an angle, and can recall it at any time. With the neat-sounding Kinetic Grasp ability, Sigma halts enemy projectiles in midair and turns them into shields for himself. Gravity also plays a key role in Sigma's ultimate ability, Gravitic Flux. With it, he pulls nearby enemies into the air and suspends them there for a brief time before slamming them down.

    You'll be able to try out Sigma today on the public test realm (PTR) on PC. He'll arrive in the full game on PC and consoles later, likely within the next few weeks. But you can get an early look at how Sigma's abilities work right now. Overwatch game director Jeff Kaplan is joining former Overwatch League pro Brandon "Seagull" Larned's Twitch stream for a first look at the latest hero.



  • Samsung's Galaxy Watch Active 2 may have a touch-sensitive bezel

    Samsung's Galaxy Watch Active is more compact and less expensive than its sibling smartwatches, but navigation is considerably clunkier without the brand's usual rotating bezel. The company may have a simple solution to that, though -- turn the bezel into a touch surface. SamMobile sources claim the Galaxy Watch Active 2 will implement a "Touch Bezel" that lets you swipe your finger along the side to scroll through the circular interface. We could see that being an issue in some cases (Samsung will hopefully try to minimize accidental input), but it might beat having to obscure the screen every time you want to check the weather or read a text message.

    This could also be helpful if you tend to wander away from your phone. The Active 2 is reportedly Samsung's first Bluetooth 5.0 watch, promising up to four times the range, support for two audio targets and lower power consumption. You might reliably receive notifications at the gym while your phone stays safe in a changing room locker.

    The wristwear is still expected to come in 40mm and 44mm case sizes with regular and LTE variants, not to mention aluminum and steel cases. Samsung hasn't said anything about a release date, but its Galaxy Note 10 event is just around the corner on August 7th. If the Active 2 is launching any time in the near future, that would be a good place to unveil it.

    Source: SamMobile


  • 'Two Point Hospital' is coming to consoles in late 2019

    You won't have to fire up a computer to play the spiritual successor to bringing Two Point Hospital to PS4, Switch and Xbox One sometime in late 2019. It'll remain faithful to the absurdity of the PC hospital management title (the existence of a Clown Clinic should say everything), but will be "fully rebuilt" to take advantage of gamepads and the Switch's mobile experience.

    The console edition will also roll in features that have come to the PC version since launch, including character customization, an interior designing tool and expansions like Bigfoot and Pebberley Island. This isn't just a cash grab, according to Two Point -- it's as much about making the game available to play with your kids in the living room, on a long trip, or any place where pulling out a laptop wouldn't be as practical.


    Source: Two Point Hospital (YouTube), Two Point Hospital


  • How to buy a laptop for school in 2019

    If you're bound for college or high school, there's good news and bad news when it comes to choosing a laptop. On the plus side, there are more choices than ever, which means there's a good chance you can find a notebook that's perfect for you. The downside: With so many options, it's often hard to figure out what's actually worth buying.

    We've recommended some of our favorite laptops as part of our annual back-to-school guide, but here are some tips to keep in mind. First off, consider what your needs are: Your laptop is going to see you through every class report and Netflix binge for the next four years. Get a machine that can do both. For many students, a modern ultraportable will be enough. But if you want to game or edit media, you'll have to make sure you find something with a bit more power.
    For most students: ultraportables all the way


    It used to be that thin and light notebooks were a rarity, but now just about every computer maker has several ultraportable models to choose from. And best of all, you won't have to sacrifice much to get one. Look for something that weighs less than three pounds, and make sure it includes Intel's eighth-generation CPUs or better and at least 8GB of RAM (16GB would be ideal for future-proofing). Intel's recently announced 10th-generation laptop processors sound like a solid upgrade on paper, but we're still waiting to see them land over the next few months.

    Dell's XPS 13 is one of the best Windows ultraportables on the market, with a gorgeous Dolby Vision HDR display that's nearly bezel-less. It's always been one of our favorite options, but this year it's been refined to near perfection. (We're also keeping a close eye on the upcoming XPS 13 two-in-one, which sports an even sleeker design and makes use of Intel's 10th-gen processors.) If you're looking for something with a tad bit more graphics power, though, consider the ASUS Zenbook S13 ($1,395). It features NVIDIA's MX150 graphics card, which is good enough to play many games in 1080p.



    When it comes to Macs, we like the ultra-slim design of the new MacBook Air ($1,099+), but its relatively slow hardware might not be enough to last you four years. The same holds true for the MacBook; you give up a lot to have such a tiny machine. Instead, I'd recommend the 13-inch MacBook Pro ($1,299+) as a solid lightweight option, since it clocks in at just three pounds with considerably more power than its smaller siblings.
    For gamers: You too can go "light"

    Thankfully, you don't have to lug a 10-pound laptop around anymore if you want to play the latest games. As we explain in our guide to buying a gaming notebook, you have plenty of options clocking in around five pounds. Mostly that's due to massive leaps in efficiency with NVIDIA's 10-series graphics cards, which brought desktop-like performance to notebooks without sacrificing portability. But Intel's recent mobile processors have also made some huge improvements, like offering a six-core model. Enormous gaming laptops are still around for the players who demand performance above all, but for most PC gamers, they're more trouble than they're worth.

    The big reason you'll want a lighter gaming laptop: You'll actually be able to take it to class without looking like you're sitting behind a blinged-out computing hot rod. Many also offer decent battery life -- certainly not as much as an ultraportable but enough to get through a few classes and last-minute writing during lunch. One word of warning though: Be sure to get a roomy backpack if you're buying one of these machines. Even though they're far lighter than gaming laptops of yore, their powerful hardware still requires large AC adapters.

    When choosing a gaming notebook, you should focus mainly on its graphics card. You'll find NVIDIA's recently released GTX 1650 and 1660 Ti GPUs on budget gaming laptops like the Dell G7 15 ($1,234), one of our back-to-school recommendations. These cards will be powerful enough to guarantee 1080p 60 fps performance in most games, though they likely won't get you significantly higher frame rates for smoother 144Hz panels. If you'd like to see speeds closer to 144 fps in 1080p, there's NVIDIA's RTX 2060, which is typically an upgrade option on budget notebooks. The RTX 2070 will offer even faster speeds as well as the ability to bump up to solid 1440p performance. (You won't see displays offering that resolution on many laptops, but it's a nice upgrade when spitting out video to 4K TVs.)

    And of course, there's the king of the hill, the RTX 2080, which delivers native 4K gaming performance. You'll typically pay dearly for it: Razer's latest 15-inch Blade with the 2080 costs more than $2,600. But that price might be worth it to have a notebook that's vastly superior to most gaming desktops. For most buyers, though, an RTX 2060 or 2070 notebook will easily last several years. All the RTX cards also include NVIDIA's real-time ray-tracing technology, which enables more-realistic lighting and reflections on supported titles.

    If you're planning to do any sort of gaming, you'll need a Windows PC. Sorry, Mac fans, Apple's machines don't include NVIDIA's GPUs, and there's no guarantee developers will port over their titles either.
    For multimedia students: spec up
    If you're planning to tackle demanding tasks like video and audio editing or 3D modeling, we recommend getting something beefier than an ultraportable. That's where workhorse laptops like Dell's XPS 15, Lenovo's ThinkPad Extreme or the MacBook Pro come into play. Typically, they come with more-capable processors such as Intel's six-core i7-9750H and the top-of-the-line i9-9980HK, which can reach speeds up to 5GHz. And you can expect to see dedicated GPUs too, like NVIDIA's GTX 1650. We'd also recommend throwing in as much RAM as possible -- at least 16GB or, if you can afford it, 32GB.

    While you could play games with these computers, they're meant for tougher work like rendering large video files. And yes, a capable gaming laptop could easily double as a workhorse PC, but they often cost more than something geared at multimedia. Instead, we suggest putting that money toward a larger high-quality screen, like the 4K OLED on the XPS 15. You'll need the screen space and better color accuracy that you'll find in premium displays.

    What about accessories?



    You don't have to live with a cramped keyboard and laptop display for four years. You can easily find a 24-inch monitor for less than $200, which will give you more room for photo editing. And if you're dealing with timeline-heavy media, like audio and video editing, a 34-inch ultrawide display might be ideal. It's like having two screens side by side without crowding your desk with a dual-monitor setup. Ultrawides, naturally, are much more expensive than standard displays, but that investment might be worth it to help you manage large media projects.

    An external keyboard and mouse will also be a huge help through inevitable all-nighters. Splurge for ergonomic gear like Microsoft's Sculpt keyboard and mouse to keep your wrists safe from repetitive stress injury. And if your laptop is powered by USB-C, it's worth investing in something like Dell's Universal Dock so you don't have to plug in all of your gear every time you sit down. And don't forget about audio: You'll need a decent pair of headphones like Sony's WH-1000XM3 and speakers like Audioengine's A2+ Wireless ($180) to liven up your room.

    It's also worth investing in cloud storage to keep all of your work backed up. The easiest route is to subscribe to Office 365, which gives you full access to Microsoft's productivity suite and a terabyte's worth of OneDrive storage. While you could survive on Google's free online software, it's worth spending time with Microsoft Office, especially since you'll likely end up using it in future office jobs. If you're dealing with large media files, an external hard drive like Seagate's Backup Plus ($48+) is also essential.



    General tips

    Here are a few other things to keep in mind as you seek out the perfect laptop:

    Try them in person! Online reviews can give you a sense of how every notebook ranks, but it's still worth getting your hands on a notebook to see if you're OK with its keyboard and overall size. Even if you can't test out the specific model you want, you can get a sense of similar machines at Best Buy.

    Take advantage of resources from your school's IT department. That typically includes discounted software, including Microsoft Office and Adobe products. And in many cases, it can also help out with any computing issues.

    Make sure your smartphone plan includes tethering. This is typically a default option with most subscriptions, but that's not always the case with prepaid devices. Being able to turn your phone into a WiFi hotspot will make it easier to get work done anywhere.


  • Toyota's 2020 Olympics robots will include a javelin-carrying cart

    Robots are going to play a large role at the 2020 Tokyo Olympics, and Toyota is determined to be at the forefront -- if in some occasionally strange ways. The automotive giant has unveiled its robot lineup for the summer games, and one of the biggest attention-getters is the Field Support Robot. The autonomous machine looks like a very tiny version of the e-Palette, and will carry javelins, shot puts and other items from throwing events. It won't actually fetch the items -- that's still up to humans -- but it will help reduce the number of staff on the field.

    Most of the other bots were already known, such as the Human Support Robot (for guiding people to their seats), the Delivery Support Robot (drinks and other orders) and the T-HR3 humanoid robot (remote interactions with athletes).

    However, there will be one more Olympics-specific bot. The Mascot Robot in Miraitowa and Someity variants (you're looking at Someity below) will welcome people to venues through object detection and remote-controlled limbs. Toyota is also "considering" a way to enhance the games for Japanese kids through the mascot machines.

    The robots serve as marketing material for Toyota and Japan's technology industry as a whole. Like other Japanese worker robots, though, they're also an acknowledgment of the country's labor shortages. With a declining population and a reluctance to invite foreign workers, the country can't always count on having enough people to fill jobs. The Field Support Robot and its peers could ensure that Tokyo 2020 proceeds without a hitch, even if there aren't as many human staffers as the organizers would like.


    Via: Autoblog, Designboom

    Source: Toyota


  • Don't expect Apple to switch to USB-C for the iPhone 11

    September is only a few short weeks away, which means we're fast approaching the likely date for Apple's fall event and, barring a major surprise, the reveal of this year's iPhone lineup. The latest rumors suggest Apple will again have three models to showcase, much like last year's trio of the iPhone XS, iPhone XS Max and iPhone XR.

    The upcoming phones will all still have Lightning ports, according to 9to5Mac's sources. That's despite some Apple watchers believing the company would go down the same route as the latest iPad Pro and switch to USB-C.

    The phones also seem likely to have a new Taptic Engine to replace the pressure-sensitive 3D Touch tech which Apple has included in iPhones since the 6S. Apple declined to install 3D Touch in the iPhone XR, instead opting for a haptic touch system. It will apparently take a similar approach with the XS and XS Max replacements this year. For now, it's not clear what features the incoming Taptic Engine will employ, but it seems the overall aim is to improve haptic feedback.

    As for the cameras, the front-facing lens will apparently enable slow-motion video capture at 120 fps. The most recent rumors back up a previous report from Bloomberg suggesting the XS and XS Max replacements will have a square camera bump containing three cameras on the rear. One will reportedly be able to handle wide-angle image captures and use a feature called Smart Frame. This will apparently capture the area around the initial framing of a photo or video so you can tweak the framing or perspective later. The phone will retain that extra detail for a limited time before automatically removing it for privacy reasons.

    The upcoming handsets are also said to have the same screen resolutions as their predecessors. It's probably not too surprising that the devices will likely use Apple's latest A13 chip.

    Source: 9to5Mac


OSnews

  • Apple dominates App Store search results, thwarting competitors
    Apple’s mobile apps routinely appear first in search results ahead of competitors in its App Store, a powerful advantage that skirts some of the company’s rules on such rankings, according to a Wall Street Journal analysis. The company’s apps ranked first in more than 60% of basic searches, such as for “maps,” the analysis showed. Apple apps that generate revenue through subscriptions or sales, like Music or Books, showed up first in 95% of searches related to those apps. This dominance gives the company an upper hand in a marketplace that generates $50 billion in annual spending. Services revenue linked to the performance of apps is at the center of Apple’s strategy to diversify its profits as iPhone sales wane. This should surprise absolutely nobody. Apple has a lot riding on becoming a successful services company, and it’s doing a lot of sleazy things already to try and convert iPhone buyers into wallets on legs from whom Cupertino can siphon monthly amounts. It’s only natural that the company would use its App Store search engine to promote its own services, something that will surely turn some heads in Europe. The article also has this fascinating little tidbit: Phillip Shoemaker, who led the App Store review process until 2016, said Apple executives were aware of Podcasts’ poor ratings. Around 2015, his team proposed to senior executives that it purge all apps rated lower than two stars to ensure overall quality. “That would kill our Podcasts app,” an Apple executive said, according to Mr. Shoemaker, who has advised some independent apps on the App Store review process since leaving Apple. The proposal was eventually rejected, Mr. Shoemaker said. So Apple pondered purging all apps with two stars or lower from the App Store... only to realise a number of its own apps would be purged, too. Oh and in what I’m sure is entirely unrelated, many Apple apps inside the App Store no longer show a rating at all, special treatment only Apple apps get. If even 50% of this story is true, antitrust lawyers and investigators are going to have a field day with this.


  • Unikernels: the next stage of Linux’s dominance
    Unikernels have demonstrated enormous advantages over Linux in many important domains, causing some to propose that the days of Linux’s dominance may be coming to an end. On the contrary, we believe that unikernels’ advantages represent the next natural evolution for Linux, as it can adopt the best ideas from the unikernel approach and, along with its battle-tested codebase and large open source community, continue to dominate. In this paper, we posit that an up-streamable unikernel target is achievable from the Linux kernel, and, through an early Linux unikernel prototype, demonstrate that some simple changes can bring dramatic performance advantages. A scientific paper on the subject.


  • Files are fraught with peril
    In this talk, we’re going to look at how file systems differ from each other and other issues we might encounter when writing to files. We’re going to look at the file stack, starting at the top with the file API, which we’ll see is nearly impossible to use correctly and that supporting multiple filesystems without corrupting data is much harder than supporting a single filesystem; move down to the filesystem, which we’ll see has serious bugs that cause data loss and data corruption; and then we’ll look at disks and see that disks can easily corrupt data at a rate five million times greater than claimed in vendor datasheets. Deeply technical, but well-written and pleasant to read.


  • A tale of pointlessness: retro 5″ black and white TV as a computer monitor
    When my brother’s old 1980s 5″ black and white TV was recently discovered during a “I wonder what’s under here?” exercise and amazingly seemed to still be working my first thought was, of course, “Nice!! 3rd monitor for my PC”. I knew that wouldn’t be exactly simple as the TV only appeared to have a 3.5mm “EXT. ANT” socket. I can’t do anything but applaud this.


  • A new motherboard for Amiga, the platform that refuses to die
    In the early years of personal computing there were a slew of serious contenders. A PC, a Mac, an Atari ST, an Amiga, and several more that all demanded serious consideration on the general purpose desktop computer market. Of all these platforms, the Amiga somehow stubbornly refuses to die. The Amiga 1200+ from is the latest in a long procession of post-Commodore Amigas, and as its name suggests it provides an upgrade for the popular early-1990s all-in-one Amiga model. If I ever get filthy rich, one of the things I’ll be doing with my money is using it to support platforms like the Amiga. Try and buy up as much IP, fund people and companies trying to make hardware and software, try to attract developers with financial incentives, and so on. Not a sound investment by any stretch of the imagination, but still a fun little diversion to daydream about.


  • Apple releases round of iOS, macOS updates
    Today, Apple released a round of minor updates for all of its supported devices, including iOS 12.4, macOS 10.14.6, watchOS 5.3, and tvOS 12.4. As it turns out though, some older devices, devices that aren’t supported by the latest updates anymore, are getting some love as well. According to MacRumors, iOS 9.3.6 and iOS 10.3.4 are now available. The report states that the former is only available for cellular models of the iPad mini, iPad 2, and iPad 3, all devices that used an A5 processor or a variant of it. It’s worth noting that the third-generation Apple TV also got an update today, as that also included an A5 chipset. Always a nice surprise to see older devices getting some love.



  • How many kinds of USB-C to USB-C cables are there?
    Classic USB from the 1.1, 2.0, to 3.0 generations using USB-A and USB-B connectors have a really nice property in that cables were directional and plugs and receptacles were physically distinct to specify a different capability. A USB 3.0 capable USB-B plug was physically larger than a 2.0 plug and would not fit into a USB 2.0-only receptacle. For the end user, this meant that as long as they have a cable that would physically connect to both the host and the device, the system would function properly, as there is only ever one kind of cable that goes from one A plug to a particular flavor of B plug. Does the same hold for USB-C? We all know the answer to this mess.


  • This could be our first look at an Android-powered feature phone from Nokia
    Kyle Bradshaw at 9To5Google: For the past few months, we’ve been tracking developments in Chrome that point to Android becoming a competitor to KaiOS by entering the feature phone market. Today, the first purported image of an Android feature phone has come to light, with Nokia stylings. Thus far, everything we’ve learned about the likelihood of Android coming to feature phones has come from tidbits within public Chrome code. From the code, we know that Android feature phones will be distinctly different from Android Go, as the feature phones will not have a touchscreen. Instead, the phones will be navigated using a traditional d-pad, shoulder buttons, and the number keys. Feature phones are far from dead, and it seems Google really wants a piece of this pie. KaiOS is kind of an unsung hero here in the west, but it’s quite popular on feature phones all over the world.


  • Google claims to have cancelled its censored Chinese search engine project
    At a Senate Judiciary Committee hearing Tuesday, Google’s vice president of public policy, Karan Bhatia, said that the tech giant’s much-criticized effort to launch a search engine in China had been abandoned. “We have terminated Project Dragonfly,” Bhatia said of the controversial search app for the Chinese market that Google had reportedly been working on last year. He was responding to a series of questions from Republican Sen. Josh Hawley about Google’s business with China. Google employees were decidedly not happy with this project, so internal pressure certainly seems to have made an impact.


  • Zelda NES screen transitions are undefined behaviour
    The vertical scrolling effect in the original “The Legend of Zelda” relies on manipulating the NES graphics hardware in a manner that was likely unintended by its designers. Writing to a particular PPU register while a frame is being drawn can result in graphical artefacts. The Legend of Zelda intentionally causes an artefact which manifests itself as partial vertical scrolling. This post gives some background on NES graphics hardware, and explains how the partial vertical scrolling trick works. Game developers on these older, constrained systems had to resort to some very clever thinking to work around said constraints.


  • Cities: Skylines is Turing complete
    Cities: Skylines is a city simulation game that is complex enough to build universal logic gates in it. Using universal logic gates it is possible to construct any circuit including Turing complete machines. So, just like in Minecraft one can build a computer inside Cities: Skylines. However, it would be very complicated to build a fully fledged computer using these gates, so I will demonstrate a 4-bit adder instead. Everything is done in the vanilla version of the game, no mods or add-ons are required. I’ve played a lot of Cities: Skylines, but I never thought something like this would be possible.


  • To break Google’s monopoly on search, make its index public
    Fortunately, there is a simple way to end the company’s monopoly without breaking up its search engine, and that is to turn its “index”—the mammoth and ever-growing database it maintains of internet content—into a kind of public commons. There is precedent for this both in law and in Google’s business practices. When private ownership of essential resources and services—water, electricity, telecommunications, and so on—no longer serves the public interest, governments often step in to control them. One particular government intervention is especially relevant to the Big Tech dilemma: the 1956 consent decree in the U.S. in which AT&T agreed to share all its patents with other companies free of charge. As tech investor Roger McNamee and others have pointed out, that sharing reverberated around the world, leading to a significant increase in technological competition and innovation. This is an interesting proposition. I don’t know if this will increase competition in any meaningful way, or if it’ll just lead to a shift in power from Google to the other major technology companies without really creating opportunities for newcomers, but it’s certainly yet another proposal on how to deal with the ever growing power these companies wield.


  • How US tech giants are helping to build China’s surveillance state
    The OpenPower Foundation — a nonprofit led by Google and IBM executives with the aim of trying to “drive innovation” — has set up a collaboration between IBM, Chinese company Semptian, and U.S. chip manufacturer Xilinx. Together, they have worked to advance a breed of microprocessors that enable computers to analyze vast amounts of data more efficiently. Shenzhen-based Semptian is using the devices to enhance the capabilities of internet surveillance and censorship technology it provides to human rights-abusing security agencies in China, according to sources and documents. A company employee said that its technology is being used to covertly monitor the internet activity of 200 million people. IBM, of course, has always been perfectly fine with aiding in and profiting from genocide, so it’s not really surprising that the company jumped at the chance to aid the totalitarian Chinese regime’s genocide against the Uyghurs. Google’s involvement may be slightly more surprising since the company has no real presence in China, but I don’t think anyone should be shocked. Many western companies choose profits over ethics in China, such as Apple, who aids the Chinese dictatorship’s massive surveillance state by handing over all Chinese Apple users’ iCloud data to the Chinese government. Since such anti-privacy measures are legally mandated in China, you can safely assume that any western technology company active in China is just as guilty as IBM, Google, and Apple.


  • 40 years later, lessons from the rise and quick decline of the first ‘killer app’
    Remember VisiCalc, the world’s first spreadsheet? Today’s tech giants do, and that is why they buy up and invest in potential competitive threats. It was the first killer app, the spark for Apple’s early success and a trigger for the broader PC boom that vaulted Microsoft to its central position in business computing. And within a few years, it was tech-industry roadkill. Many silicon valley startups basically have only one purpose these days: flaunt their ideas in front of the tech giants, and hope VC funding doesn’t run dry before one of them buys them. They’re not building sustainable businesses; they’re building corporate advertorials.



Linux Journal - The Original Magazine of the Linux Community


  • What Does It Take to Make a Kernel?
        by Petros Koutoupis   
    The kernel this. The kernel that. People often refer to one operating system's kernel or another without truly knowing what it does or how it works or what it takes to make one. What does it take to write a custom (and non-Linux) kernel?

    So, what am I going to do here? In June 2018, I wrote a guide to build a complete Linux distribution from source packages, and in January 2019, I expanded on that guide by adding more packages to the original guide. Now it's time to dive deeper into the custom operating system topic. This article describes how to write your very own kernel from scratch and then boot up into it. Sounds pretty straightforward, right? Now, don't get too excited here. This kernel won't do much of anything. It'll print a few messages onto the screen and then halt the CPU. Sure, you can build on top of it and create something more, but that is not the purpose of this article. My main goal is to provide you, the reader, with a deep understanding of how a kernel is written.

    Once upon a time, in an era long ago, embedded Linux was not really a thing. I know that sounds a bit crazy, but it's true! If you worked with a microcontroller, you were given (from the vendor) a specification, a design sheet, a manual of all its registers and nothing more. Translation: you had to write your own operating system (kernel included) from scratch. Although this guide assumes the standard generic 32-bit x86 architecture, a lot of it reflects what had to be done back in the day.

    The exercises below require that you install a few packages in your preferred Linux distribution. For instance, on an Ubuntu machine, you will need the following:
    binutils, gcc, grub-common, make, nasm, xorriso

     An Extreme Crash Course into the Assembly Language
    Note: I'm going to simplify things by pretending to work with a not-so-complex 8-bit microprocessor. This doesn't reflect the modern (and possibly past) designs of any commercial processor.


  • Kernel 5.3-rc1 Released; VLC Security Flaw Discovered; Melissa Di Donato Appointed CEO of SUSE; Dropbox Brings Back Support for ZFS, XFS, Btrfs and eCryptFS; and YugaByte Is Now 100% Open Source

    News briefs for July 22, 2019.

    Linux kernel 5.3-rc1 has been released. Linus Torvalds writes, "This is a pretty big release, judging by the commit count. Not the biggest ever (that honor still goes to 4.9-rc1, which was exceptionally big), and we've had a couple of comparable ones (4.12, 4.15 and 4.19 were also big merge windows), but it's definitely up there." He also notes that "...there's a lot to like in 5.3."

    German cybersecurity watchdog CERT-Bund recently discovered a security flaw in the VLC media player 3.0.7.1. Softpedia News reports that "a successful exploit of the vulnerability allows for unauthorized disclosure of information, unauthorized modification of files, and disruption of service." See CVE-2019-13615 for specifics. A patch is in the works.

    Melissa Di Donato has been appointed CEO of SUSE. From the press release: "Accomplished technology executive and former SAP leader, Melissa Di Donato, has been named chief executive officer of SUSE in a move that will herald the next phase of growth and momentum for the world's largest independent open source software company....Di Donato is highly regarded for her forward-thinking leadership style and is a passionate advocate for workplace diversity. This includes her role as Technology Group chair of the 30% Club—an organization with the goal of achieving 30 percent female directors on S&P 100 boards by 2020. She also holds prominent positions in other organizations, including Notion Capital, and is a trustee for charity Founders4Schools."

    Dropbox brings back support for ZFS, XFS, Btrfs and eCryptFS. According to Linux Uprising, "it appears that this change has made it into the stable Dropbox client for Linux. This isn't directly mentioned on the Dropbox website, but after a fresh Dropbox installation that I performed on Ubuntu, the reported version is 77.4.131, which is a higher version number than the Dropbox beta version for which it was reported that it now supports ZFS and XFS on 64-bit Linux systems, and eCryptFS and Btrfs on all Linux systems. I also gave it a try on a Btrfs filesystem and folder syncing ran without running into any issues."

    YugaByte is now 100% open source. dbta.com reports that "YugaByte, a provider of open source distributed SQL databases, announced that YugaByte DB is now 100% open source under the Apache 2.0 license, bringing previously commercial features into the open source core."


  • Oracle Linux on Btrfs for the Raspberry Pi
        by Charles Fisher   
    Enterprise comes to the micro server.

    Oracle Linux 7 has been released for the Raspberry Pi 3. The release packages Btrfs as the root filesystem on the UEK-branded Linux 4.14 Long Term Support (LTS) kernel. A bootable disk image with a minimal install is provided along with a standard ISO installer.

    CentOS appears to support only the "Mustang" Applied Micro X-Gene for AArch64, and it provides the older AArch32 environment for all models of the Raspberry Pi. Oracle Linux is a compelling option among RPM distributions in supporting AArch64 for the Pi Model 3.

    This is not to say that Oracle AArch64 Linux is without flaw, as Oracle warns that this is "a preview release and for development purposes only; Oracle suggests these not be used in production." The non-functional WiFi device is missing firmware and documentation, which Oracle admits was overlooked. No X11 graphics are included in the image, although you can install them. The eponymous database client (and server) are absent. Oracle has provided a previous example of orphaned software with its Linux for SPARC project, which was abandoned after two minor releases. There's no guarantee that this ARM version will not suffer the same fate, although Oracle has responded that "our eventual target is server class platforms". One possible hardware target is the Fujitsu A64FX, a new server processor that bundles 48 addressable AArch64 cores and 32GB of RAM on one die, asserted to be the "fastest server processor" that exists.
     AArch64 on the Pi 
    You'll need a Raspberry Pi Model 3 to run Oracle Linux. The 3B+ is the best available device, and you should choose that over the predecessor Model 3B and all other previous models. Both Model 3 boards retain the (constraining) 1GB of RAM—a SODIMM socket would be far more practical. The newer board has a CPU that is 200MHz faster and a Gigabit-compatible Ethernet port (that is limited to 300Mbit due to the USB2 linkage that connects it). A Model A also exists, but it lacks many of the ports on the 3B. More important, the Model 3 platform introduces a 64-bit CPU.



  • Data in a Flash, Part IV: the Future of Memory Technologies
        by Petros Koutoupis   
    I have spent the first three parts of this series describing the evolution and current state of Flash storage. I also described how to configure an NVMe over Fabric (NVMeoF) storage network to export NVMe volumes across RDMA over Converged Ethernet (RoCE) and again over native TCP. [See Petros' "Data in a Flash, Part I: the Evolution of Disk Storage and an Introduction to NVMe", "Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network" and "Data in a Flash, Part III: NVMe over Fabrics Using TCP".]

    But what does the future of memory technologies look like? With traditional Flash technologies that are enabled via NVMe, you should continue to expect higher capacities. For instance, what comes after QLC or Quad-Level Cells NAND technology? Only time will tell. The next-generation NVMe specification will introduce a protocol standard operating across more PCI Express lanes and at a higher bandwidth. As memory technologies continue to evolve, the method in which you plug that technology into your computers will evolve with it.

    Remember, the ultimate goal is to move closer to the CPU and reduce access times (that is, latencies).

    Figure 1. The Data Performance Gap as You Move Further Away from the CPU
     Storage Class Memory
    For years, vendors have been developing a technology in which you are able to plug persistent memory into traditional DIMM slots. Yes, these are the very same slots that volatile DRAM also uses. Storage Class Memory (SCM) is a newer hybrid storage tier. It's not exactly memory, and it's also not exactly storage. It lives closer to the CPU and comes in two forms: 1) traditional DRAM backed by a large capacitor to preserve data to a local NAND chip (for example, NVDIMM-N) and 2) a complete NAND module (NVDIMM-F). In the first case, you retain DRAM speeds, but you don't get the capacity. Typically, a DRAM-based NVDIMM is behind the latest traditional DRAM sizes. Vendors such as Viking Technology and Netlist are the main producers of DRAM-based NVDIMM products.

    The second, however, will give you the larger capacity sizes, but it's not nearly as fast as DRAM speeds. Here, you will find your standard NAND—the very same as found in modern Solid State Drives (SSDs) fixed onto your traditional DIMM modules.




  • New Linux Malware Called EvilGnome Discovered; First Preview of Fedora CoreOS Now Available; Germany Bans Schools from Using Microsoft, Google and Apple; VirtualBox 6.0.10 Released; and Sparky 5.8 Has New Live/Install Media for Download

    News briefs for July 18, 2019.

    New Linux malware has been discovered that masquerades as a GNOME shell extension and spies on users. Bleeping Computer reports that Intezer Labs' researchers made the discovery earlier this month, and they say that "EvilGnome's functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user's microphone and the ability to download and execute further modules. The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions." See Intezer's blog for more on EvilGnome.

    Fedora recently announced the first preview release of Fedora CoreOS. From the announcement: "Fedora CoreOS is built to be the secure and reliable host for your compute clusters. It's designed specifically for running containerized workloads without regular maintenance, automatically updating itself with the latest OS improvements, bug fixes, and security updates. The initial preview release of Fedora CoreOS runs on bare metal, QEMU, VMware, and AWS, on x86_64 only." Go here to download and get started with Fedora CoreOS.

    Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."

    VirtualBox 6.0.10 was released this week. According to Linux Uprising, it's a maintenance release with mostly bug fixes, but it does have one main new addition: "support for UEFI secure boot driver signing on Ubuntu and Debian 10+ hosts". See the full Changelog for more details.

    Sparky 5.8 "Nibiru" has new live/install media available to download. This is the first release of the stable line based on Debian 10 "Buster". Changes include Linux kernel 4.19.37-5 (i686 and amd64) and 4.19.57-v7 (ARMHF), Calamares installer updated to 3.2.11, old third party repositories have been removed and much more. Go here to download the Sparky stable edition.


  • Shrinking Linux Attack Surfaces
        by Zack Brown   
    Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches that really close a hole, rather than just give attackers a slightly harder time of it.

    Matthew Garrett recognized that userspace applications might have secret data that might be sitting in RAM at any given time, and that those applications might want to wipe that data clean so no one could look at it.

    There were various ways to do this already in the kernel, as Matthew pointed out. An application could use mlock() to prevent its memory contents from being pushed into swap, where it might be read more easily by attackers. An application also could use atexit() to cause its memory to be thoroughly overwritten when the application exited, thus leaving no secret data in the general pool of available RAM.

    The problem, Matthew pointed out, came if an attacker was able to reboot the system at a critical moment—say, before the user's data could be safely overwritten. If attackers then booted into a different OS, they might be able to examine the data still stored in RAM, left over from the previously running Linux system.

    As Matthew also noted, the existing way to prevent even that was to tell the UEFI firmware to wipe system memory before booting to another OS, but this would dramatically increase the amount of time it took to reboot. And if the good guys had won out over the attackers, forcing them to wait a long time for a reboot could be considered a denial of service attack—or at least downright annoying.

    Ideally, Matthew said, if the attackers were only able to induce a clean shutdown—not simply a cold boot—then there needed to be a way to tell Linux to scrub all data out of RAM, so there would be no further need for UEFI to handle it, and thus no need for a very long delay during reboot.

    Matthew explained the reasoning behind his patch. He said:

    Unfortunately, if an application exits uncleanly, its secrets may still be present in RAM. This can't be easily fixed in userland (eg, if the OOM killer decides to kill a process holding secrets, we're not going to be able to avoid that), so this patch adds a new flag to madvise() to allow userland to request that the kernel clear the covered pages whenever the page reference count hits zero. Since vm_flags is already full on 32-bit, it will only work on 64-bit systems.

    Matthew Wilcox liked this plan and offered some technical suggestions for Matthew G's patch, and Matthew G posted an updated version in response.


Page last modified on October 08, 2013, at 07:08 PM