RedHat: RHSA-2019-1269:01 Critical: firefox security update An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
[$] New system calls: pidfd_open() and close_range() The linux-kernel mailing list has recently seen more than the usual amountof traffic proposing new system calls. LWN is endeavoring to catch up withthat stream, starting with a couple of proposals for the management of filedescriptors. pidfd_open() is a new way to create a "pidfd" filedescriptor that refers to a process in the system, whileclose_range() is an efficient way to close many open descriptorswith a single call.
Security updates for Thursday Security updates have been issued by Debian (ffmpeg and firefox-esr), openSUSE (bzip2, chromium, and GraphicsMagick), Slackware (curl), SUSE (ucode-intel), and Ubuntu (curl and intel-microcode).
[$] Transparent huge pages for filesystems One thing that is known about using transparent huge pages (THPs) forfilesystems is that it is a hard problem to solve, but is there a solid firststep that could be taken toward that goal? That is the question Song Liu asked toopen his combined filesystem and memory-management session atthe 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM).His employer, Facebook, has a solid use case for using THPs on files inthe page cache, which may provide a starting point.
[$] Lazy file reflink Amir Goldstein has a use case for a feature that could be called a "lazyfile reflink", he said, though it might also be described as "VFS-levelsnapshots". He went through the use case, looking for suggestions, in asession at the 2019 Linux Storage, Filesystem, and Memory-Management Summit(LSFMM). He has already implemented parts of the solution, but would liketo get something upstream, which would mean shifting from thestacked-filesystem approach he has taken so far.
openSUSE Leap 15.1 released The openSUSE project has announcedthe release of openSUSE Leap 15.1. "Leap releases are scalable and both the desktop and server are equally important for professional’s workloads, which is reflected in the installation menu as well as the amount of packages Leap offers and hardware it supports. Leap is well suited and prepared for usage as a Virtual Machine (VM) or container guest, allowing professional users to efficiently run network services no matter whether it’s a single server or a data center."
Stable kernel updates Stable kernels 5.1.4, 5.0.18, 4.19.45, 4.14.121, and 4.9.178 have been released. They all containimportant fixes and users should upgrade.
Security updates for Wednesday Security updates have been issued by CentOS (ruby and wget), Debian (proftpd-dfsg), Fedora (firefox, mupdf, nss, and wavpack), openSUSE (evolution, GraphicsMagick, graphviz, libxslt, openssl-1_0_0, ovmf, and sqlite3), Red Hat (dotnet, python27-python and python27-python-jinja2, and rh-mariadb102-mariadb and rh-mariadb102-galera), Slackware (mozilla), SUSE (gnutls, java-1_7_1-ibm, and java-1_8_0-ibm), and Ubuntu (curl, firefox, php5, and webkit2gtk).
Tor Browser 8.5 released Version8.5 of the Tor Browser is out. "Tor Browser 8.5 is the firststable release for Android. Since we released the first alpha version inSeptember, we've been hard at work making sure we can provide theprotections users are already enjoying on desktop to the Androidplatform. Mobile browsing is increasing around the world, and in someparts, it is commonly the only way people access the internet. In thesesame areas, there is often heavy surveillance and censorship online, so wemade it a priority to reach these users."
[$] Asynchronous fsync() The cost of fsync()is well known to filesystem developers, which is why there are efforts to providecheaper alternatives. Ric Wheeler wanted to discuss the longstanding idea ofadding an asynchronous version of fsync() in a filesystem sessionat the 2019 Linux Storage, Filesystem, and Memory-Management Summit(LSFMM). It turns out that what he wants may already be available via the new io_uring interface.
Hardware bootstrapping with Ansible At a recent Ansible London Meetup, I got chatting with somebody about automated hardware builds. "It's all cloud now!" I hear you say. Ah, but for many large organisations it's not—they still have massive data centres full of hardware. Almost regularly somebody pops up on our internal mail list and asks, "can Ansible do hardware provisioning?" Well yes, you can provision hardware with Ansible…read more
What is explainable AI? Explainable AI means humans can understand the path an IT system took to make a decision. Let’s break down this concept in plain English – and explore why it matters so much.
Open-spec Omega2 LTE SBC features Cat 4 and GNSS Onion’s $99, sandwich-style Omega2 LTE SBC for remote sensor applications with a MIPS-based, WiFi-enabled Omega2S+ compute module, a Quectel EC25 chipset with LTE Cat 4 and GNSS, plus USB Type-C, microSD, and battery support. Last December, Onion updated its MIPS-based, WiFi-enabled Omega2 board with a similarly OpenWrt-driven Omega2 Pro SBC that increased RAM to 512MB […]
Testing a Go-based S2I builder image In the first two articles in this series, we explored the general requirements of a Source To Image (S2I) system and prepared an environment specifically for a Go (Golang) application. Now let[he]#039[/he]s give it a spin.
Space Station welcomes free-flying, Ubuntu-powered autonomous robots NASA has deployed three free-flying “Astrobee” robots on the ISS for house-keeping tasks. The bots run Ubuntu/ROS and Android 7.1 on Snapdragon-based Inforce modules and a Wandboard and feature 3x payload bays, 6x cameras, and a touchscreen. We haven’t heard a news from the IBM Watson connected CIMON social robot since it debuted with a […]
Budgeting Software Options to Keep Linux Users From Seeing Red Budget apps for Linux are part of a software category that has been all but abandoned. But take heart. A number of Web-based solutions will more than meet your budget-tracking needs. However, do not mix the concept of open source with free. If you want an actual free budget program that works well with your flavor of Linux OS, a Web-based offering may your only option.
Digging for Bitcoin Is a Labor of Love It would have been reasonable for those attending Josh Bressers' session at CypherCon -- myself included -- to expect a presentation by a cryptocurrency expert. It was billed as a talk about plumbing the depths of the bitcoin blockchain. When Bressers admitted that his material grew out of a hobby, I was surprised. Still, the talk was far from disappointing.
Elive Elevates Linux With Enlightenment The Elive distro's integration of the Debian Linux base and the Enlightenment desktop is a powerful combination. Together, they offer a unique computing platform that is powerful and flexible. Elive is not like most Linux distributions. It does not have a team of workers supporting multiple desktop offerings cranking out frequent upgrades each year. It also does not have a thriving community.
Microsoft Becomes Master of Its Own Linux Kernel Microsoft has announced that its own full Linux kernel will power WSL2, the newest version of the Windows Subsystem for Linux. This marks the first time that Microsoft will include the Linux kernel as a component in Windows. Microsoft also introduced a Windows command line terminal that will add functionality to PowerShell and WSL. Both are intended primarily for developers.
POP!_OS Makes Classic GNOME Simpler to Use Are you Looking for a hassle-free Linux OS that is very user-friendly and extremely stable? Pop!_OS from System76 is a prime candidate to fit that order. Pop!_OS is an Ubuntu-based Linux distro featuring a custom GNOME desktop. Custom is *the* essential part of that description. The developers have done an impressive job of tailoring the classic GNOME environment into a unique desktop flavor.
Open Source Flaw Management Shows Signs of Improvement: Report Almost two years after the infamous Equifax breach, many organizations still struggle to identify and manage open source risk across their application portfolios. Meanwhile, the latest report tracking open source security shows a 40 percent rise in the average number of open source components detected in each codebase analyzed. The scanned software includes commercial applications.
Feren OS: An Almost Flawless Linux Computing Platform Feren OS might well be the Linux computing game-changer that lures you away from your current operating system. Feren OS is based on Linux Mint 19 and the Cinnamon desktop -- it currently does not give you any other desktop options. However, it comes with a wide assortment of configuration choices that let you tweak the look and feel into almost any customized appearance you could want.
Red Hat Breathes New Life Into Java Red Hat is the new keeper of the keys to two popular versions of the open source Java implementation, OpenJDK 8 and OpenJDK 11. The company has taken over stewardship from Oracle, which ended commercial support for Java 8 and the Oracle JDK 8 implementation of Java SE last year. Oracle left the enterprise Java business when it transitioned support and maintenance to the Eclipse Foundation.
Condres OS Conjures Up Pleasing Arch Linux Transition Condres OS, a distro much like the defunct Apricity OS, could be a speedier replacement for Linux OSes that have turned slow to no-go in recent new releases. Condres OS is an Arch-based distro that offers many pleasing usability traits similar to three popular Debian-based distros: Linux Mint; Peppermint; and Zorin, which bundles ICE and Wine accouterments. Condres OS, as is typical of Arch distributions, comes with a rolling release upgrade model.
Q4OS and TDE: A Juicy Little Linux Secret Q4OS and the little-known Trinity Desktop Environment are an unbeatable combination that provides a powerful and flexible computing platform. I periodically revisit releases of interesting Linux distros and developing new desktops in my weekly quest for exciting and innovative choices. I am always looking to tweak my Linux OS productivity. Some of these weekly forays turn up unexpected delights.
Elon Musk's Boring Company Wins Contract To Build Las Vegas Tunnel Elon Musk's Boring Company now has a paying customer. "Late Wednesday, the board of directors of the Las Vegas Conventions and Visitors Authority voted to grant a $48,675,000 contract to the Boring Company to build a 0.83-mile, three-station version of the company's Loop mass-transit system inside of Vegas' sprawling, revamped convention center, which is currently under construction," reports Wired. From the report: As previously outlined by BoCo, the Loop system is made up of 8- to 16-passenger battery-powered autonomous electric vehicles, built to shoot people from station to station at speeds of up to 150 mph. This Las Vegas system is slated to transport at least 4,400 passengers per hour between the center's new exhibit and south halls, about a 20-minute walk by foot. The Boring Company has also pledged to build an escalator or elevator system for each of the three stations, pedestrian entrances and exits, tunnel lighting, power and video surveillance systems, a control room, and cell phone, Wi-Fi, intercom, and ventilation systems. The convention center hopes to time the opening of the Loop with the 2021 Consumer Electronics Show. Las Vegas Mayor Carolyn Goodman was the only board member to vote against granting the Boring Company its bid. During the bidding process, Goodman had asked fellow board members to consider a more expensive proposal from another company, Doppelmayr. "Doppelmayr has been in existence for 125 years," Goodman wrote in a letter, according to the Las Vegas Sun. "They already have projects here that are operating successfully. The Boring Co. is 3 years old and has yet to deliver a final package on anything." Goodman's office did not immediately respond to a request for comment.
Comcast Does So Much Lobbying That It Says Disclosing It All Is Too Hard An anonymous reader quotes a report from Ars Technica: Comcast may be harming its reputation by failing to reveal all of its lobbying activities, including its involvement in trade associations and lobbying at the state level, a group of shareholders says in a proposal that asks for more lobbying disclosures. Comcast's disclosures for its lobbying of state governments "are often cursory or non-existent," and Comcast's failure to disclose its involvement in trade associations means that "investors have neither an accurate picture of the company's total lobbying expenditures nor an understanding of its priorities, interests, or potential risks from memberships," the proposal said. "Comcast's lack of transparency around its lobbying poses risks to its already troubled reputation, which is concerning in a highly regulated industry, especially given the rise of public Internet alternatives." The proposal is on the ballot for Comcast's June 5 annual shareholder meeting and was filed by Friends Fiduciary, which "invest[s] based on Quaker values" and says it "actively screen[s] companies for social responsibility." Friends Fiduciary and other investors who joined the proposal collectively hold "over 1 million shares of Comcast stock," they said. The shareholder resolution would be non-binding even if it passed. It asks for an annual report disclosing, among other things, "Payments by Comcast used for (a) direct or indirect lobbying or (b) grassroots lobbying communications" and information on "Comcast's membership in and payments to any tax-exempt organization that writes and endorses model legislation." Comcast's board unanimously recommended that shareholders vote against the Friends Fiduciary resolution, saying that Comcast "already disclose[s] most of our government lobbying interactions" as required by law. "[O]ur Board believes that the requirements in this proposal are burdensome and an unproductive use of our resources and are not in the best interests of our shareholders," Comcast said in a rebuttal included in its proxy statement.
Facebook Removed 2.2 Billion Fake Accounts This Year Facebook released its community standards enforcement report Thursday morning, offering a much more in-depth look at the inner workings of the company than previously seen. From a report: One of the most surprising insights came from Facebook's removal of fake accounts. The company said it removed 2.2 billion accounts in the first quarter of the 2019. That's a jump of nearly double compared to the fourth quarter of 2018 when 1.2 billion accounts were removed. That number seems astronomical, especially when considering that Facebook says it has 2.38 billion monthly active users overall. The reason that the social network can boast nearly as many removals as it has active users is that it typically finds and removes bogus accounts within minutes of them signing up. As a result, Facebook estimates that only 5% of its monthly active users are fake.
Mark Zuckerberg Dismisses Calls To Break Up Facebook Facebook CEO Mark Zuckerberg on Thursday rebuffed calls for the company to be broken up over competition concerns, disputing claims the firm has grown too dominant. From a report: During a call with reporters, Zuckerberg was pressed to address recent calls from Democratic officials and one Facebook co-founder for federal regulators to force the company to spin off WhatsApp and Instagram, previously acquired in two blockbuster deals. "I think it kind of almost goes without saying that we exist in a very competitive and dynamic environment where new services are constantly coming up," Zuckerberg said. He later disputed arguments that the company has grown too dominant as an advertising player as "a little stretched," noting the company controls just around a fifth of the global digital ad market. "I don't really think that the remedy of breaking up the company is going to address those," he said. "I actually think it's going to make it a lot harder." Further reading: Facebook's Sheryl Sandberg: Chinese Tech Companies Are Also Powerful, and Will Not Be Broken Up.
Julian Assange Charged in 18-Count Indictment For WikiLeaks Disclosures Julian Assange was charged Thursday in an 18-count superseding indictment for his role in orchestrating the 2010 WikiLeaks disclosures, described by the U.S. government as "one of the largest compromises of classified information in the history of the United States." From a report: According to the Justice Department, the new charges from a federal grand jury in the Eastern District of Virginia allege that "Assange's actions risked serious harm to United States national security to the benefit of our adversaries." According to the DOJ announcement, Assange faces a maximum penalty of 10 years in prison on each charge with the exception of one charge related to conspiracy to commit computer intrusion. Assange was previously indicted in April on a single-count conspiracy to commit computer intrusion charge for his role in Chelsea Manning's disclosure of classified materials made public by WikiLeaks in 2010, which the government has called "one of the largest compromises of classified information in the history of the United States."
Snapchat Employees Abused Data Access To Spy on Users Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users, Motherboard reported on Thursday. From the report: Two former employees said multiple Snap employees abused their access to Snapchat user data several years ago. Those sources, as well as an additional two former employees, a current employee, and a cache of internal company emails obtained by Motherboard, described internal tools that allowed Snap employees at the time to access user data, including in some cases location information, their own saved Snaps and personal information such as phone numbers and email addresses. Snaps are photos or videos that, if not saved, typically disappear after being received (or after 24 hours if posted to a user's Story). [...] Although Snap has introduced strict access controls to user data and takes abuse and user privacy very seriously according to several sources, the news highlights something that many users may forget: behind the products we use everyday there are people with access to highly sensitive customer data, who need it to perform essential work on the service. But, without proper protections in place, those same people may abuse it to spy on user's private information or profiles.
Many Google Duplex Calls Are From Real People Instead of AI Google's Duplex reservations might be more widely available, but that doesn't mean the AI is ready to handle every call. From a report: The company has confirmed to the New York Times that about 25 percent of the Assistant-based calls start with a human in a call center, while 15 percent require human intervention. In the newspaper's tests, the ratio was higher -- real people completed three out of four of their successful bookings. There are multiple reasons for relying on the human touch. In one case, Duplex didn't appear to pick up the cues that reservations were available. It may also need training on more real-world calls before it can handle every situation. More importantly, the company argued that it was taking a cautious approach. It wants to treat businesses with respect, and that means gradually transitioning to the AI as it becomes better-suited to dealing with staff.
Redditor Allowed To Stay Anonymous, Court Rules Online free speech has been given a victory, with a federal court ruling that a Redditor can remain anonymous in a copyright lawsuit. From a report: This means anyone from around the globe who posts on Reddit can still rely on First Amendment protections for anonymous free speech, because Reddit is a US platform with a US audience. The Electronic Frontier Foundation fought on behalf of Reddit commenter Darkspilver, a Jehovah's Witness who posted public and internal documents from The Watch Tower Bible and Tract Society online. Watch Tower subpoenaed Reddit to provide identity information on Darkspilver for the court case, but the EFF filed a motion to quash this, citing "deep concerns that disclosure of their identity would cause them to be disfellowshipped by their community." In February 2019, Darkspilver posted an advertisement by the Jehovah's Witness organization that asks for donations, as well as a chart showing what personal data the organization keeps. Watch Tower said both of these were copyrighted items. The Redditor argued it was fair use, because he posted the ad for commentary and criticism purposes.
Antergos Linux Has Been Discontinued Suren Enfiajyan writes: An Arch Linux based distribution, Antergos, has been discontinued. The project's primary goal was to make Arch Linux available to a wider audience of users by providing a streamlined, user friendly experience including a safe place for users to communicate, learn, and help one another. There have been 931,439 unique downloads of Antergos Linux since 2014. The primary reason for ending support for it was that the developers no longer have enough free time to properly maintain the distribution. They came to this decision because they believe that continuing to neglect the project would be a huge disservice to the community. Taking this action now, while the project's code still works, provides an opportunity for interested developers to take what they find useful and start their own projects. For existing Antergos users: there is no need to worry about installed systems as they will continue to receive updates directly from Arch. Soon, an update will be released that will remove the Antergos repos from system along with any Antergos-specific packages that no longer serve a purpose due to the project ending. Once that is completed, any packages installed from the Antergos repo that are in the AUR will begin to receive updates from there. The Antergos Forum and Wiki will continue to be available until such time it becomes clear that users have moved on to other projects.
Wikipedia To Fight Turkey Ban in European Human Rights Court Wikmedia, the foundation that runs Wikipedia said Thursday it had filed a lawsuit with the European Court of Human Rights to lift Turkey's two-year block on the online encyclopedia. From a report: Wikipedia said the ban violates fundamental freedoms, including the right to freedom of expression, which is guaranteed under the European Convention. The application, which was announced today during a press call, comes after Wikipedia's "continued and exhaustive" attempts to overturn the ban in Turkish courts failed to bear fruit. "Wikipedia is a global resource that everyone can be actively part of shaping," said Katherine Maher, Wikimedia executive director. "It is through this collective process of writing and rewriting and debate that Wikipedia becomes more useful, more comprehensive, and more representative. It is also through this process that we, a global society, establish a more comprehensive consensus on how we see the world." Turkey rolled out a blanket ban on Wikipedia citing national security concerns, in a move that has been widely condemned as a crackdown on free speech.
ZombieLoad Mitigation Costs For Intel Haswell Xeon, Plus Overall Mitigation Impact With tests over the past week following the disclosure of the Microarchitectural Data Sampling (MDS) vulnerabilities also known as "Zombieload", we've looked at the MDS mitigation costs (and now the overall Spectre/Meltdown/L1TF/MDS impact) for desktop CPUs, servers, and some laptop hardware. I've also begun doing some tests on older hardware, such as some Phoronix readers curious how well aging Intel Haswell CPUs are affected...
Firefox 68 Performance Is Looking Good With WebRender On Linux With Firefox 67 having released this week, Firefox 68 is in beta and its performance from our tests thus far on Ubuntu Linux are looking real good. In particular, if enabling the WebRender option that remains off by default on Linux, there are some nice performance gains especially.
AMD GCN GPU Target Continuing To Improve For The GCC 10 Compiler With the recent release of the GCC 9 stable compiler there is the initial "AMD GCN" GPU target/back-end merged. However, for this GNU Compiler Collection release the AMD GCN target isn't all that useful but continued work on it gives us hope of seeing it in good shape for next year's GCC 10 release...
In the past 20 years, more than 800 children have died of heatstroke in cars in the US. Now, a group of lawmakers wants to require alerts that would remind parents to check for children in the backseat before exiting the vehicle. Legislation announced today would mandate "a distinct auditory and visual alert," and it would require a feasibility study for retrofitting existing vehicles with the system.
Proponents note that most vehicles alert drivers when they forget their keys in the ignition, leave the headlights on or fail to close a door. They say it should be no different when you forget your kid. "Technologies alerting drivers to check their backseats for children exists today but has not been widely deployed," Congressman Frank Pallone, Jr. (D-NJ) said in a hearing today.
In a statement, the Alliance of Automobile Manufacturers said it will carefully review any legislative proposals. It added that fewer than 13 percent of new car buyers have a child under six years old and it takes about two decades for new technology to reach all passenger vehicles on the road. Increased public awareness is a faster path to safety, the Alliance says.
There's no question that car manufacturers are developing more advanced safety systems. Earlier this week, Chevrolet announced a new feature that prevents teens from shifting out of park until they buckle. And retrofitting vehicles may be easier in the future when more automakers adopt over-the-air software updates. But the legislation could raise the question of which technologies to make mandatory. "If an automotive feature or technology proves it can save lives, it should not be a luxury reserved only for those who can afford to buy the highest end cars," Congressman Pallone said.
He's accused of publishing classified information obtained by whistleblower and former Army intelligence officer Chelsea Manning, who is currently in jail for refusing to cooperate with a grand jury. The documents allegedly included unredacted details about foreign people who have assisted the US military in Iraq and Afghanistan, and State Department officials around the world. His actions allegedly "risked serious harm to United States national security to the benefit of our adversaries and put the unredacted named human sources at a grave and imminent risk of serious physical harm and/or arbitrary detention."
The Justice Department accuses Assange of conspiring with Manning to obtain the documents, and "aided and abetted her in obtaining classified information with reason to believe that the information was to be used to the injury of the United States or the advantage of a foreign nation." The indictment further states that "Assange, WikiLeaks affiliates and Manning shared the common objective to subvert lawful restrictions on classified information and to publicly disseminate it."
Starting in late 2009, Assange allegedly solicited US classified information, a call to which Manning is said to have responded. According to the indictment, she gave Assange and WikiLeaks information related to "approximately 90,000 Afghanistan war-related significant activity reports, 400,000 Iraq war-related significant activities reports, 800 Guantanamo Bay detainee assessment briefs, and 250,000 U.S. Department of State cables." Many of the documents were highly classified.
Some press freedom groups have claimed that Assange's actions should be classified as journalism and as such he shouldn't be punished. However, US officials have rejected that assertion. "Assange is not a journalist," one said, according to CNBC. "No responsible actor, journalist or otherwise, would purposely publish names he or she knew to be confidential sources in warzones."
The Justice Department previously alleged Assange conspired to help Manning crack a password to gain access to a Department of Defense system that included classified information. Assange is currently in custody in the UK, and is awaiting extradition to the US. He faces a 10-year prison sentence on each count, save for conspiracy to commit computer intrusion, which carries a maximum sentence of five years.
Last year, Scuf introduced its Vantage customizable PS4 controller. It offered PlayStation fans a more comfortable grip and the ability to increase speed by cutting down on hand movements. Now, Scuf is ready to unveil a controller for Xbox One, the Prestige. The gamepad builds on Scuf's previous customizable features and adds perks like a longer battery life -- thanks to a lithium-ion battery that boasts up to 30 hours on a full charge.
Last year, Scuf introduced its Vantage customizable PS4 controller. It offered PlayStation fans a more comfortable grip and the ability to increase speed by cutting down on hand movements. Now, Scuf is ready to unveil a controller for Xbox One, the Prestige. The gamepad builds on Scuf's previous customizable features and adds perks like a longer battery life -- thanks to a lithium-ion battery that boasts up to 30 hours on a full charge.
A patent made public today and filed by Amazon would allow the company's voice assistant Alexa to start recording audio before users say a "wake word." According to the patent, it would allow users to more naturally communicate with their devices, saying phrases like "Play some music, Alexa" rather than starting each command with "Alexa" or another chosen wake word. Currently, the voice assistant is unable to listen to or understand commands until the user utters the wake word.
In practice, the patent would allow Alexa to "look backward" at recent things said aloud prior to hearing its name. For example, if a user said something like, "What's the weather going to be like today, Alexa?" the device would hear the trigger word "Alexa" and quickly go back over the prior phrase to process the command. To accomplish that, the voice assistant would constantly be recording, storing and processing speech, then quickly deleting it if it is not relevant.
Such a feature, if implemented, would provide considerable privacy concerns for users. The patent attempts to account for that, giving users the choice to allow Alexa to record and store audio for between 10 and 30 seconds at a time.
"The technology in this patent is not in use, and referring to the potential use of patents is highly speculative," a spokesperson for Amazon told Engadget. "Like many companies, we file a number of forward-looking patent applications that explore new scientific ideas that may not make it into customer-facing products. Patents take multiple years to receive and do not necessarily reflect current or near-future state of products and services."
The 2019 Acura NSX is a supercar built for everyday auto nerds By law, I have to mention the 1990 Acura NSX before telling you about the 2019 NSX. It was a big deal -- supercars were supposed to be from Europe, not Japan. The NSX changed that with an outstanding vehicle that caught everyone's attention. People adored it, then Acura stopped it.
In 2017, the automaker revived the supercar to much fanfare, mostly from Acura itself. Then in 2019, it made that updated car better. Actually, the software and hardware tweaks the engineers applied to the supercar made it magnificent. But nostalgia is a tough nut to crack. So for some, no matter what Acura does, the NSX (starting at $157,500) will never be the car they remember from when the first George Bush was in the White House. That's fine, the rest of us can enjoy NSX while they stalk Bring-a-Trailer auctions.
Meanwhile, the 2019 NSX is a technological wonder that starts with the powertrain. The supercar's Super Handling All-Wheel Drive (SH-AWD) system is powered by one 3.5-liter twin-turbo V-6 internal combustion engine (ICE) situated behind the passenger cabin and three electric motors. The gas engine and one of the electric motors power the rear wheels, while the front wheels each get their very own electric power plant. So it's a hybrid. But not like a Prius, it's something much much better.
Those four propulsion devices give the NSX 573 horsepower and 476 pounds of torque. That's enough to get it to 60 miles an hour from a standstill in 2.9 seconds. That's the kind of speed that gives passengers the nervous giggles as their internal organs are shoved into the back of their bodies. The techiest part about that is that in Launch Mode, the first .15 seconds of the NSX taking off is done entirely by the electronic motors.
The benefit of the electron-powered boost is not just the fun torque, it also reduces the wear and tear on the ICE. Jamming your foot on the accelerator for the pure joy of just going fast as quickly as possible is murder on mechanical parts. By offloading the initial jolt to the electric motors (which have very few moving parts), Acura is saving NSX owners from costly repairs in the future.
That's where tech improves the livability of the NSX. Supercars are amazing and notoriously fragile. McLarens, Ferraris, Lamborghinis; these are not built for daily runs to the supermarket. They're pieces of rolling artwork. You occasionally put them on display around town, in the mountains, or at the track. You're not taking a Lamborghini Huracan to Costco. Yet Acura is trying to bridge that gap between an owner's regular life and their supercar life.
The NSX doesn't have doors that swing up; hey open like regular car doors. Besides the sport seats and the lack of permanent cup holders (you grab one out of the glove box and shove it into a hole on the passenger side of the console), the interior of the NSX looks like a regular Acura. There's not a lot of fighter jet-inspired dials or levers. There are some carbon fiber flourishes and half of the steering wheel is made from the lightweight material, but it's actually a very subdued affair.
Fortunately, the driving is not. Once you combine the SH-AWD and combination electric and internal combustion powertrain, the NSX is quick off the line and goes exactly where you point it on the road. The mid-engine roar reminds you that you're behind the wheel of something that'll get your pulse pounding.
Cornering was tight without feeling fidgety; the drive by wire system did an amazing job recreating the feel of the road via a mechanical steering system. It added tension when needed and reduced it at slower speeds. But eventually you have to slow down and when you do, the NSX is ready.
The vehicle's Quiet mode dampens the roar of the gas engine and because it's a hybrid with a battery, you can actually drive it in EV mode. You have to baby the accelerator, but it is possible to cruise around town without using any fuel or disturbing the locals. Apparently, Acura thinks that if you're going to build a supercar people can live with, you better make sure their neighbors can live with it too.
Its drive by wire system is one of the best I've ever experienced, it handles unbelievably, and it got Acura's record of reliability behind it. So it's the total tech package? Yeah, not so much.
The biggest head scratcher in this car is the infotainment system. It's the one that plagued Hondas and Acuras a few years ago. It's ugly, slow and seems completely out of place in the NSX. While the automaker made some great software and hardware tweaks to the NSX for 2019, they left 2017's infotainment system in the dash. Fortunately, it supports CarPlay and Android Auto, so use those.
You'll probably forget that every time you get out of the car though -- the NSX looks amazing. It's one of those cars that looks better in real life. I liked it in pictures, but its true design magic requires you to stare at it in real life.
It even has a very small trunk behind the engine because it's a supercar. It's big enough for one carry on piece of luggage and two medium-sized backpacks. But be warned, because it's behind the engine and above the exhaust, it gets warm in there. So it's great for keeping your takeout food warm, bad for ice cream or really anything that melts.
It's easy to get caught up in nostalgia. The iPhone 4 was the best iPhone. The original Doctor Who is the best Doctor. Shatner forever! The original NSX was and continues to be an amazing piece of automotive history. But the new NSX is outstanding in its own right. Don't be that person stuck in the past, because the newest supercar from Acura is great and we all know that Picard was the best Starfleet captain.
This smart lock is back down to a $100 from a street price typically around $125, matching the previous best price we've seen. Designed for those who want to use their existing deadbolts, you only need to swap out the thumb-turn mechanism from the inside of the door. In our guide, we praise this model for being a good option for renters.
The August Smart Lock (3rd Gen) is the budget pick for an existing deadbolt in our guide to the best smart lock. Wirecutter Editor Jon Chase wrote, "The August Smart Lock (3rd Gen) is an affordable choice if you want to use your existing deadbolt (which means you also get to keep your existing key). As with all August products, the instructions and setup process are almost delightfully friendly and thoughtful, with straightforward video instructions. The all-metal housing has reassuring bulk and heft, and the traditional thumb turn has a precise movement. This August is controlled solely by Bluetooth and a smartphone and is able to integrate only with Nest devices—unlike the widely compatible big sibling August Smart Lock Pro—which explains the steep price cut." Motorola MB7621 Modem
Street price: $80;deal price: $68
Down to $68 from a street price around $80, this is one of the first notable drops we've seen for this recommended cable modem. While the MB7621 supports the same speeds as our top pick, it doesn't have approval certifications from as many ISPs. If you don't mind the extra step of checking your ISP's compatibility, this is a nice option.
The Motorola MB7621 is the runner-up pick in our guide to the best cable modem. Wirecutter Senior Staff Writer Joel Santo Domingo and Wirecutter Staff Writer Thorin Klosowski wrote, "The Motorola MB7621 is a 24×8 DOCSIS 3.0 modem that supports the same performance levels as the Netgear CM600. The MB7621 is less expensive and comes with a two-year warranty, a year longer than the CM600's coverage. But it doesn't appear on quite as many ISP approved modem lists as the Netgear modems; Cable One, Cox, and Comcast Xfinity all have the MB7621 on their online approved lists, and Spectrum and WOW have recently added it, but you should still check with your ISP's service department to make sure it's compatible. The MB7621 doesn't have quite as large a pool of reviews, but what people have to say is very positive. It's a great choice if your ISP supports it." ClearStream Eclipse TV Antenna
Street price: $35;deal price: $30
Now around $5 off the slowly dropping street price, this recurring deal matches the lowest price we've seen for this recommended antenna. If you're looking to get rid of cable, this option may fit the bill, especially for those seeking a low profile antenna easily hidden behind a TV.
The ClearStream Eclipse is the top pick in our guide to the best indoor HDTV antenna. Wirecutter Senior Editor Grant Clauser wrote, "In our tests, the Antennas Direct ClearStream Eclipse proved to be the best-performing antenna in multiple test locations. It pulled in more stations, including distant and hard-to-lock-in stations, than any of the other antennas, and the sticky "Sure Grip" pads make it easy to attach to a wall without making holes. If you want to hide it completely, it's flat and small enough to fit behind most wall-mounted TVs. And if you need to position the antenna out in the open, it doesn't look like something you hang laundry on." 1 Eero + 2 Eero Beacons
Street price: $400;deal price: $320
While the Eero is slightly slower than our top mesh networking kit pick, it offers better family features, a smartphone app, and has more flexible building coverage. This isn't quite the best deal we've seen, but deals have been comparatively rare. If you have a large or difficult to cover residence, this is a nice opportunity to save, but note that Amazon now owns Eero, so it's likely we'll see Prime Day deals for Eero options.
The 1 Eero with 2 Eero Beacons is the runner-up pick in our guide to the best Wi-Fi mesh-networking kits for most people. Jim Salter and Wirecutter Senior Staff Writer Joel Santo Domingo wrote, "If your house has a really challenging size and shape—or you just have a strong preference for their looks—an Eero and two Beacons are a great alternative to Orbi's two-piece RBK50. Eero was the first consumer mesh-networking kit. The system is physically attractive, technologically flexible, and well-established. It has also improved tremendously since its launch, thanks to new firmware and more powerful second-generation hardware."
Because great deals don't just happen on Thursday, 'sign up for our daily deals email' and we'll send you the best deals we find every weekday. Also, deals change all the time, and some of these may have expired. To see an updated list of current deals, 'please go here'.
Google is making Duo more useful as it's rolling out group video calls to everyone on Android and iOS. You can have up to eight people on a call at once (a far lower limits than FaceTime's 32 and Skype's 50). Group calls gradually went live in some markets this month, but now they'll be available for everyone.
There's also a data saving mode for mobile data networks and WiFi on Android in certain markets, including Brazil, India and Indonesia. Google says when it's active, both you and the person you're calling will save data. The feature will arrive in more regions in the coming months.
In addition, Google is letting you spice up your video voicemails. On Android (and soon on iOS), you can add text, emojis and doodles to your messages.
Lyft's frugal Shared Saver option is now available to many more people. The ridesharing service ahs trotted out its most affordable option to six more large US cities, including Atlanta, Las Vegas, Miami, Philadelphia, San Francisco and Seattle. The principle remains the same: if you're comfortable with both sharing a ride and walking short distances, you can save a bit of cash versus demanding exact pick-ups and drop-offs.
The choice was previously available only in Denver, New York City and San Jose.
As before, there's a few motivations behind Shared Saver's existence. Lower costs could entice more people to use Lyft, of course, but this also encourages greater use the company's bikes and scooters. There's also the simple matter of flexibility. This lets you see more of the city (and get in some very light exercise) without having to walk long distances.
For the record, the appropriate response to being called a slut isn't, "I'd blush if I could." But that's what Siri is programmed to say. According to a report by the United Nations, the fact that most voice assistant are gendered as young women is reinforcing harmful stereotypes that women are docile and eager to please, even when they're called lewd names.
The report, Closing Gender Divides in Digital Skills Through Education, calls on companies like Google, Amazon, Apple and Microsoft to stop making digital assistants female by default. It'd be even better to make them genderless, the report says -- as Google has attempted to do by labeling its voices red and orange, rather than male or female. The UN also calls on tech companies to address the gender skills gap, noting that women are 25 percent less likely to have basic digital skills than men.
This isn't the first time AI's gender bias has been questioned. Siri even changed her original response to being called a b-word. But, the report states, "the assistant's submissiveness in the face of gender abuse remains unchanged." The document includes a chart showing how the four leading AI voice assistants respond to being called hot, pretty, slutty or a "naughty girl." More often than you'd hope, they express gratitude. In other cases, they respond with a joke or claim they don't understand.
The issue will only become more pressing as AI assumes a greater role in our lives. According to the report, voice-based web searches now account for close to one-fifth of mobile internet searches. That number is projected to reach 50 percent by 2020. As the UN puts it, people will have more conversations with digital assistants than with their spouse -- hopefully they'll treat both with respect.
Engadget has reached out to Apple, Amazon, Google and Microsoft for comment.
Senators have overwhelmingly backed a bill to combat robocalls. They voted 97-1 to pass the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, which would empower law enforcement to tackle robocallers, and bump up civil penalties to as much as $10,000 per call.
Despite the introduction of the Do Not Call registry in 2003, robocalls are still plaguing Americans and placing vulnerable members of society at risk of falling victim to scammers. The bill now goes to the House for further consideration -- members of that chamber have also introduced other bills to tackle robocalls.
Should it become law, the TRACED Act would set up an inter-agency group including the Federal Communications Commission, Federal Trade Commission, the Consumer Financial Protection Bureau, the State Department, the Commerce Department and state attorneys general. They'd offer Congress recommendations on preventing nuisance and dangerous robocalls and prosecuting those behind them at federal and state level, along with strategies to implement them.
The FCC would also be tasked with proposing new rules to protect people from receiving unwanted calls and messages from unauthenticated numbers. Meanwhile, the legislation would extend the statute of limitations on robocalls from two to three years.
Buying an IBM mainframe I bought an IBM mainframe for personal use. I am doing this for learning and figuring out how it works. If you are curious about what goes into this process, I hope this post will interest you. Is it just me, or is everyone buying an IBM mainframe these days? Whats with the sudden resurgence in interest?
OpenVMS x86-64 port achieves first DIR command VSI is porting OpenVMS to x86-64. The company has done a lot of work, and it is beginning to bear fruit. Recently theyve managed to boot the kernel and perform a DIR command. Grand steps indeed. Truly amazing work!
Apple and Amazon cut a deal that upended the Mac resale market When John Bumstead looked at listings for his products on Amazon.com in early January, he was waiting for the guillotine to fall. A small online business owner from Minneapolis, Minnesota, Bumstead specializes in refurbishing and selling old MacBooks, models he typically buys from recyclers and fixes up himself. But on January 4th, Bumstead’s entire business dwindled into nonexistence as his listings were removed from the platform due to a new policy limiting all but the largest companies and specially authorized providers from selling Apple products. Apple made a special deal with Amazon to basically exterminate all third party repair services and used Apple product sellers that arent specifically approved by Apple. The result is a sharp increase in pricing on used Apple products sold on Amazon exactly what Apple wants, of course and smaller, non-Apple approved resellers are dying off. Charming. And people actually claim Apple has morals and values.
The US DOC gives Huawei a 90-day window to support existing devices The Trump administration is working to ban Huawei products from the US market and ban US companies from supplying the Chinese company with software and components. The move will have wide-ranging consequences for Huaweis smartphone, laptop, and telecom-equipment businesses. For the next 90 days, though, Huawei will be allowed to support those products. The US Department of Commerce (DOC) has granted temporary general export license for 90 days, so while the company is still banned from doing business with most US companies, it is allowed to continue critical product support. Meanwhile, ARM has also cut ties with Huawei. This story is far, far from over.
Linux distributions without systemd If you are reading this post youre very much likely not a fan of systemd already. So we wont preach on why systemd is bad, but today well focus more on what are the alternatives out there. Our approach is obviously not for settling for less but for changing things for the better. We have started the world after systemd project some time ago and the search isnt over. So what are the non-systemd distros out there? Ill be honest and say that I completely missed the systemd controversy back when it happened, and while Ive tried reading up on the criticism of systemd, I clearly lack the technical acumen to say anything meaningful about it either way. But hey, for those of you out there who dont like systemd this ones for you.
Google pulls Huaweis Android license Big news over the weekend. Following The United States governments ban on importing products from Huawei, Google had to suspend Huaweis Android license. Alphabets Google has suspended business with Huawei that requires the transfer of hardware, software and technical services except those publicly available via open source licensing, a source familiar with the matter told Reuters on Sunday, in a blow to the Chinese technology company that the U.S. government has sought to blacklist around the world. Holders of current Huawei smartphones with Google apps, however, will continue to be able to use and download app updates provided by Google, a Google spokesperson said, confirming earlier reporting by Reuters. This means that from now on, Huawei only has access to the AOSP parts of Android it no longer has access to the Google Play Store and other Google Play Services. This is a major blow to Huaweis business in the United States. Other companies, like Intel and Qualcomm, have also complied with the US governments ban and are also blacklisiting Huawei. Huaweis response doesnt say much: Huawei has made substantial contributions to the development and growth of Android around the world. As one of Android’s key global partners, we have worked closely with their open-source platform to develop an ecosystem that has benefitted both users and the industry. Huawei will continue to provide security updates and after-sales services to all existing Huawei and Honor smartphone and tablet products, covering those that have been sold and that are still in stock globally. Its important to note that the US government has as of yet been unable to provide any evidence that Huawei devices contain backdoors or are somehow used to spy on people. That being said, it wouldnt be hard to imagine such a scenario all countries spy on all other countries, and China is in a unique position, as the manufacturing centre of the world, to do so. I do wish to point out, though, that devices from other companies Apple, Google, Dell, and virtually everyone else are manufactured in the same factories by the same people led by the same managers owned by the same Chinese government as Huawei devices. Singling out Huawei, while trusting your Pixel 3 or iPhone X which rolls off the same assembly line, seems naive, at best. China will, probably, retaliate, especially since Chinese people themselves seem to solidly back Huawei. The totalitarian government has many ways it can strike back, and with a growing sentiment in China to boycott Apple, it wouldnt be surprising to see China target Apple, specifically, in its response.
Translating an ARM iOS app to Intel macOS using Bitcode What is Bitcode? Well, bitcode with a small b is an architecture-specific intermediate representation used by LLVM, and capital-B Bitcode pertains to a set of features allowing you to embed this representation in your Mach-O binary and the mechanisms by which you can provide it to Apple in your App Store submissions. Of course, the specter of macOS on ARM has been in the public psyche for many years now, and many have pondered whether Bitcode will make this transition more straightforward. The commonly held belief is that Bitcode is not suited to massive architectural changes like moving between Intel and ARM. I was unconvinced, so I decided to test the theory! By Steven Troughton-Smith, so you know youre going to learn more than you bargained for.
Wide color photos are coming to Android Android is now at the point where sRGB color gamut with 8 bits per color channel is not enough to take advantage of the display and camera technology. At Android we have been working to make wide color photography happen end-to-end, e.g. more bits and bigger gamuts. This means, eventually users will be able to capture the richness of the scenes, share a wide color pictures with friends and view wide color pictures on their phones. And now with Android Q, its starting to get really close to reality: wide color photography is coming to Android. So, its very important to applications to be wide color gamut ready. This article will show how you can test your application to see whether its wide color gamut ready and wide color gamut capable, and the steps you need to take to be ready for wide color gamut photography.
IBM 360 Model 20 rescue and restoration In late April of 2019 Adam Bradley and Chris Blackburn were sitting in a pub on a Monday night when Chris happened across a somewhat unusual eBay listing for an IBM 360 Model 20. This eBay listing was unusual mainly because it didn’t actually list the computer as an IBM 360, but rather as an “seltene Anlage “Puma Computer IBM 2020” which roughly translates from German into “rare plant “Puma Computer IBM 2020”. Amazing story.
Three big reasons why Americans aren’t upgrading their phones Last month, Verizon and AT8T made official something you’ve probably been aware of for a while: American smartphone owners are upgrading a lot less than they used to. In fact, they’re hitting record lows at the two biggest US carriers, with people apparently more content than ever to keep hold of their existing device. This is a global trend, as the smartphone market is reaching maturity and saturation in many developed nations, and yet it’s most pronounced in the United States for a few reasons particular to the country. The article focuses on the United States, but correctly points out this is a global trend in the developed world. Not only are phones quite expensive, they have also been more than good enough for quite a few years now, and theres very little in the sense of revolutionary progress being made form generation to generation. Earlier this year, I dropped my OnePlus 6T on a sharp rocky edge, and it broke the glass back. I sent it in for repairs €40, not bad and while it was being repaired, I dusted off my old Nexus 6P and used it instead. I was surprised by just how perfectly fine and usable it was sure, it was a little slower here and there, the screen isnt as nice, those sorts of things, but as a whole, if I hadnt had the 6T to compare it to, I would be none the wiser. It makes perfect sense for general consumers to stick with their expensive phones for longer, especially now that the market has pretty much saturated.
GitHub launches a new tool called Sponsors that lets you make payments to open-source developers. Tech Crunch reports, that "Developers will be able to opt into having a 'Sponsor me' button on their GitHub repositories and open source projects will also be able to highlight their funding models, no matter whether that's individual contributions to developers or using Patreon, Tidelift, Ko-fi or Open Collective.
Feral Interactive announces that Total War: THREE KINGDOMS is out on Linux and macOS, the same day as the Windows release. The game was developed by Creative Assembly and is the first in the Total War series to be set in ancient China. It's available now from the Feral Interactive Store for $59.99, and you can watch the trailer here.
IBM announces global expansion of its IBM Watson Decision Platform for Agriculture. From the press release: "For the first time, IBM is providing a global agriculture solution that combines predictive technology with data from The Weather Company, an IBM Business, and IoT data to help give farmers around the world greater insights about planning, plowing, planting, spraying and harvesting."
NASA has deployed three "Astrobee" robots on the International Space Station to do house-keeping tasks. According to Linux Gizmos "the bots run Ubuntu/ROS and Android 7.1 on Snapdragon-based Inforce modules and a Wandboard and feature 3x payload bays, 6x cameras, and a touchscreen." The Astrobees are named Honey, Queen and Bumble. Linux Gizmos writes that their chief job "is to let astronauts remotely monitor equipment via the bots' cameras and mic while the they're working elsewhere on the ISS. They can also perform inventory and do other housekeeping chores, or act as a general-purpose floating touchscreen computer." NewsGitHubgamingFeral InteractiveIBMIOTAIElisaKDEmultimediaNASAUbuntuAndroid
Crazy Compiler Optimizations by Zack Brown Kernel development is always strange. Andrea Parri recently posted a patch to change the order of memory reads during multithreaded operation, such that if one read depended upon the next, the second could not actually occur before the first.
The problem with this was that the bug never could actually occur, and the fix made the kernel's behavior less intuitive for developers. Peter Zijlstra, in particular, voted nay to this patch, saying it was impossible to construct a physical system capable of triggering the bug in question.
And although Andrea agreed with this, he still felt the bug was worth fixing, if only for its theoretical value. Andrea figured, a bug is a bug is a bug, and they should be fixed. But Peter objected to having the kernel do extra work to handle conditions that could never arise. He said, "what I do object to is a model that's weaker than any possible sane hardware."
Will Deacon sided with Peter on this point, saying that the underlying hardware behaved a certain way, and the kernel's current behavior mirrored that way. He remarked, "the majority of developers are writing code with the underlying hardware in mind and so allowing behaviours in the memory model which are counter to how a real machine operates is likely to make things more confusing, rather than simplifying them!"
Still, there were some developers who supported Andrea's patch. Alan Stern, in particular, felt that it made sense to fix bugs when they were found, but that it also made sense to include a comment in the code, explaining the default behavior and the rationale behind the fix, even while acknowledging the bug never could be triggered.
But, Andrea wasn't interested in forcing his patch through the outstretched hands of objecting developers. He was happy enough to back down, having made his point.
It was actually Paul McKenney, who had initially favored Andrea's patch and had considered sending it up to Linus Torvalds for inclusion in the kernel, who identified some of the deeper and more disturbing issues surrounding this whole debate. Apparently, it cuts to the core of the way kernel code is actually compiled into machine language. Paul said:
We had some debates about this sort of thing at the C++ Standards Committee meeting last week.
Pointer provenance and concurrent algorithms, though for once not affecting RCU! We might actually be on the road to a fix that preserves the relevant optimizations while still allowing most (if not all) existing concurrent C/C++ code to continue working correctly. (The current thought is that loads and stores involving inline assembly, C/C++ atomics, or volatile get their provenance stripped. There may need to be some other mechanisms for plain C-language loads and stores in some cases as well.) Go to Full Article
The Antergos Linux distro is calling it quits. The developers of the Arch-based distro say they no longer have time to maintain it properly, and are taking the action now while the code is still working in case other developers want to start their own projects with it. From the Antergos blog: "For existing Antergos users: there is no need to worry about your installed systems as they will continue to receive updates directly from Arch. Soon, we will release an update that will remove the Antergos repos from your system along with any Antergos-specific packages that no longer serve a purpose due to the project ending. Once that is completed, any packages installed from the Antergos repo that are in the AUR will begin to receive updates from there."
HP Linux Imaging and Printing (HPLIP) software has been updated to version 3.19.5 for Linux-based OSes. According to Softpedia News, this new release of the open-source and free print, scan and fax driver solution for HP printers and scanners supports "a plethora of new HP printers" (too many to list here), and it also brings support for several new distros, such as "Ubuntu 19.04 (Disco Dingo), Debian GNU/Linux 9.8, and Fedora 30". See the official HPLIP 3.19.5 Release Notes for more information.
Kali Linux announces its second release of the year, Kali Linux 2019.2. This release "brings our kernel up to version 4.19.28, fixes numerous bugs, includes many updated packages, and most excitingly, features a new release of Kali Linux NetHunter!" You can download it from here.
Tails 3.14 has been released. The release fixes many security issues, so you are urged to update as soon as possible. Some changes include an update to kernel 4.19.37, enabling "all available mitigations for the MDS (Microarchitectural Data Sampling) attacks and disable SMT (simultaneous multithreading) on all vulnerable processors to fix the RIDL, Fallout and ZombieLoad security vulnerabilities" and updating the Tor Browser to 8.5, among others.
Bringing the Benefits of Linux Containers to Operational Technology by Pavan Singh Linux container technology was introduced more than a decade ago and has recently jumped in adoption in IT environments. However, the OT (operational technology) environments, typically made up of heterogenous embedded systems, have lagged in the adoption of container technologies, due to both the unique technology requirements and the business models that relied on proprietary systems. In this article, I explore recent innovation in open-source offerings that are enabling the use of containers in OT use cases, such as industrial control systems, IoT gateways, medical devices, Radio Access Network (RAN) products and network appliances.
Enterprise IT leaders have adopted “cloud-native” computing architectures because of the innovation velocity and cost benefits derived by the approach. To leverage containers, developers segment applications into modular micro-services that enable flexible development and deployment models. These micro-services are then deployed as containers where the service itself is integrated with the required libraries and functions. On containerization, these application components have small footprints and fast speeds of deployment. The applications become highly portable across compute architectures due to the abstraction away from the hardware and the operating system.
The benefits of flexibility and the modularity offered by container-based architectures are fully realized when leveraged in conjunction with higher-level orchestration systems that can manage the containers throughout their entire lifecycle. Kubernetes, the leading open-source orchestration system for containers, has gained a lot of traction over the last few years. Initially developed by Google, the Kubernetes project is now maintained by the Cloud Native Compute Foundation (CNCF). CNCF is dedicated to reducing the friction around the adoption of cloud-native technologies and brings to bear a few key cloud-native projects, such as Kubernetes, Prometheus and Envoy. This is an example of an open-source organization that has fostered collaboration among the entire value chain – developers, end-users and vendors. Today’s CNCF membership includes significant technology brands, such as Amazon, Cisco, Google, Microsoft, Oracle, SAP and many others.
Containers and other cloud-native paradigms were initially developed with IT environments in mind. And as these technologies have matured and the capability of the cloud-native technologies increased, the OT decision-makers have taken notice. And as more developers get access to container technology, they are going through a journey of their own, albeit one that is different from the journey of the IT developers over the last decade. Go to Full Article
Firefox 67.0 was released today. From the Mozilla blog: "Today's new Firefox release continues to bring fast and private together right at the crossroads of performance and security. It includes improvements that continue to keep Firefox fast while giving you more control and assurance through new features that your personal information is safe while you're online with us." You can download it from here, and see the release notes for details.
ownCloud announces its new server version 10.2, which introduces advanced sharing permissions, a secure view feature and automatic synchronization between federated clouds. From the press release: "the new server version of ownCloud focuses on more freedom and security in file distribution. The "Advanced Sharing Permissions" feature in particular provides developers with far-reaching options for implementing individual release functions at user and group level as well as providing data with special security settings."
Google has launched a "Glass Enterprise Edition 2" headset. According to Linux Gizmos, the new device has a "faster processor, longer battery life, improved camera and wireless features, and a reduced $999 price" compared with the previous Glass Enterprise Edition. It "runs Android Oreo on a faster, quad-core, 1.7GHz Snapdragon XR1 SoC with an 8MP camera, WiFi-ac, BT 5.x, a USB Type-C port, and longer battery life."
Ubuntu has expanded its Kernel Uploader Team. Phoronix reports that it's "a sign of the times with the Linux kernel being affected by an increasing number of CVEs (and particularly high profile ones at that), there are now more Ubuntu developers with upload rights for sending down new kernel upgrades." New to the Kernel Uploaders Team are Tyler Hicks, Juerg Haefliger and Khalid Elmously.
WebAuthn Web Authentication with YubiKey 5 by Todd A. Jacobs A look at the recently released YubiKey 5 hardware authenticator series and how web authentication with the new WebAuthn API leverages devices like the YubiKey for painless website registration and strong user authentication.
I covered the YubiKey 4 in the May 2016 issue of Linux Journal, and the magazine has published a number of other articles on both YubiKeys and other forms of multi-factor authentication since then. Yubico recently has introduced the YubiKey 5 line of products. In addition to the YubiKey's long-time support of multiple security protocols, the most interesting feature is the product's new support for FIDO2 and WebAuthn.
WebAuthn is an application programming interface (API) for web authentication. It uses cryptographic "authenticators", such as a YubiKey 5 hardware token to authenticate users, in addition to (or even instead of) a typical user name/password combination. WebAuthn is currently a World Wide Web Consortium (W3C) candidate recommendation, and it's already implemented by major browsers like Chrome and Firefox.
This article provides an overview of the YubiKey 5 series, and then goes into detail about how the WebAuthn API works. I also look at how hardware tokens, such as the YubiKey 5 series, hide the complexity of WebAuthn from users. My goal is to demonstrate how easy it is to use a YubiKey to register and authenticate with a website without having to worry about the underlying WebAuthn API. About the YubiKey 5 Series The YubiKey 5 series supports a broad range of two-factor and multi-factor authentication protocols, including: Challenge-response (HMAC-SHA1 and Yubico OTP). Client to Authenticator Protocol (CTAP). FIDO Universal 2nd-Factor authentication (U2F). FIDO2. Open Authorization, HMAC-Based One-Time Password (OATH-HOTP). Open Authorization, Time-Based One-Time Password (OATH-TOTP). OpenPGP. Personal Identity Verification (PIV). Web Authentication (WebAuthn). Yubico One-Time Password (OTP). In addition, the entire YubiKey 5 series (with the exception of the U2F/FIDO2-only Security Key model) now supports OpenPGP public key cryptography with RSA key sizes up to 4096 bits. This is a notable bump from the key sizes supported by some earlier models. Yubico's OpenPGP support also includes an additional slot for an OpenPGP authentication key for use within an SSH-compatible agent, such as GnuPG's gpg-agent. Figure 1. YubiKey 5 Series Go to Full Article
Linux kernel 5.2-rc1 is out. Linus Torvalds writes: "Things look fairly normal. Just about two thirds of the patch is drivers (all over), with the bulk of the rest being arch updates, tooling, documentation and vfs/filesystem updates, of which there were more than usual (the unicode tables for ext4 case insensitivity do end up being a big part of the "bulk" side). But there's core networking, kernel and vm changes too - it's just that the other areas tend to simply be much bulkier."
The the first pre-release of Xfce 4.14 is now available. Simon Steinbeiß's blog post covers only the changes in the latest development release, as the Xfce 4.12 was four years ago. Highlights include FailSafeSession has been fixed, improvements to vertical blanking support, a new colord front end was added, and much more.
Microsoft recently released its SPTAG algorithm as MIT-licensed open source on GitHub. Ars Technica reports that this algorithm is part of what gives Bing its smarts, noting that "Developers can use this algorithm to search their own sets of vectors and do so quickly: a single machine can handle 250 million vectors and answer 1,000 queries per second." This release is part of the company's effort to "Democratize AI".
The South Korean government plans to switch to Linux as the end of Windows 7 support nears. According to ZDNet, "the nation's Interior Ministry last week announced plans for a potentially major Linux deployment as part of a plan to cut tech costs and reduce its reliance on a single operating system. It's not known what mix of Windows 7 and Windows 10 the Korean government currently uses, however the plan to adopt Linux more widely comes as organizations around the world prepare for the end of Windows 7 support on January 14, 2020."
The Arduino team announced the launch of four new Nano boards: Arduino Nano Every, "perfect for everyday projects"; Arduino Nano 33 IoT, "small, secure, and Internet-connected"; Arduino Nano 33 BLE, "small, low-power, and Bluetooth-connected"; and Arduino Nano BLE Sense, "small, low-power, and Bluetooth-connected with a wide range of on-board sensors". The boards start at just $9.90 for the Nano Every. Arduino co-founder Massimo Banzi commented that the new Nanos "are for those millions of makers who love using the Arduino IDE for its simplicity and open source aspect, but just want a great value, small and powerful board they can trust for their compact projects". NewskernelXFCEMicrosoftMachine LearningAIArduinoGovernmentopen source
This article puts into practice what you learned in and shows how to use NVMe drives in a Linux environment. But, before continuing, you first need to make sure that your physical (or virtual) machine is up to date. Once you verify that to be the case, make sure you're able to see all connected NVMe devices: $ cat /proc/partitions |grep -e nvme -e major major minor #blocks name 259 0 3907018584 nvme2n1 259 1 3907018584 nvme3n1 259 2 3907018584 nvme0n1 259 3 3907018584 nvme1n1 Those devices also will appear in sysfs: $ ls /sys/block/|grep nvme nvme0n1 nvme1n1 nvme2n1 nvme3n1 If you don't see any connected NVMe devices, make sure the kernel module is loaded: petros@ubu-nvme1:~$ lsmod|grep nvme nvme 32768 0 nvme_core 61440 1 nvme Next, install the drive management utility called nvme-cli. This utility is defined and maintained by the very same NVM Express committee that defined the NVMe specification. The nvme-cli source code is hosted on GitHub. Fortunately, some operating systems offer this package in their internal repositories. Installing it on the latest Ubuntu looks something like this: petros@ubu-nvme1:~$ sudo add-apt-repository universe petros@ubu-nvme1:~$ sudo apt update && sudo apt install ↪nvme-cli Using this utility, you're able to list more details of all connected NVMe drives (note: the tabular output below has been reformatted and truncated to better fit here): Go to Full Article
Hewlett Packard Enterprise to buy Supercomputer-maker Cray. Bloomberg reports that the deal is "valued at about $1.4 billion as the firm works to become more competitive in high-end computing", and "Cray investors will get $35 a share in cash".
ManagedKube launches k8sBot, "an app that provides a point-and-click user interface for Kubernetes in Slack", available on the Google Cloud Platform (GCP) Marketplace. From the press release: "Companies can now ensure that all their team members have access to Kubernetes information. ManagedKube's k8sBot provides an easy-to-use interface in Slack so users can retrieve pod status, get pod logs, and get real-time troubleshooting recommendations with just one click. DevOps teams can get more done with k8sBot by easily sharing Kubernetes information in Slack, where team discussions are already happening, and automating DevOps support by democratizing access to Kubernetes information." You can install ManagedKube's k8sBot from here.
Purism's Librem One Suite surpasses its Crowdfunding goal after two weeks, demonstrating the "demand for ethical alternatives to Big Tech as data privacy snafus continue to plague users on a weekly basis". The Librem One Suite includes "end-to-end encrypted chat, end-to-end encrypted mail, and end-to-end encrypted VPN, as well as an open public social network. More services, such as end-to-end encrypted cloud storage, payments, and phone service, will be built in the future and added to the bundle. All current and future services in Librem One have no ads, do not track users, do not look at, sell, or share anything people create or send, and are available on popular platforms like Android and iOS." See Founder and CEO Todd Weaver's blog post 5000 Happy Librem One Users!" for more details.
The client/server-based backup solution is actually a set of computer programs (Figure 1) that communicate over the network: the Bareos Director (BD), one or more Storage Dæmons (SD) and the File Dæmons (FD). Due to this modular design, Bareos is scalable—from single computer systems (where all components run on one machine) to large infrastructures with hundreds of computers (even in different geographies). Figure 1. A Typical Bareos Setup: Director (with Database), File Dæmon(s), Storage Dæmon(s) and Backup Media
The director is the central control unit for all other dæmons. It manages the database (catalog), the connected clients, the file sets (they define which data Bareos should back up), the configuration of optional plugins, before and after jobs (programs to be executed before or after a backup job), the storage and media pool, schedules and the backup jobs. Bareos Director runs as a dæmon.
The catalog maintains a record of all backup jobs, saved files and volumes used. Current Bareos versions support PostgreSQL, MySQL and SQLite, with PostgreSQL being the preferred database back end.
The File Dæmon (FD) must be installed on every client machine. It is responsible for the backup as well as the restore process. The FD receives the director's instructions, executes them and transmits the data to the Bareos Storage Dæmon. Bareos offers pre-packed file dæmons for many popular operating systems, such as Linux, FreeBSD, AIX, HP-UX, Solaris, Windows and macOS. Like the director, the FD runs as a dæmon in the background.
The Storage Dæmon (SD) receives data from one or more File Dæmons (at the director's request). It stores the data (together with the file attributes) on the configured backup medium. Bareos supports various types of backup media, as shown in Figure 1, including disks, tape drives and even cloud storage solutions. During the restore process, the SD is responsible for sending the correct data back to the FD(s). The Storage Dæmon runs as a dæmon on the machine handling the backup device(s). Backup Jobs A backup job defines what to back up (FileSet directive for the client), when to back up (schedule) and where to back up (for example, on a disk, tape, etc.). Bareos is quite flexible, and you can mix different directives. So you can have different job definitions (resources), backing up different machines, but using the same schedule, the same FileSet and even the same backup medium. Go to Full Article
Page last modified on October 08, 2013, at 07:08 PM