[$] Keeping memory contents secret One of the many responsibilities of the operating system is to helpprocesses keep secrets from each other. Operating systems often fail inthis regard, sometimes due to factors — such as hardware bugs and user-spacevulnerabilities — that are beyond their direct control. It is thusunsurprising that there is an increasing level of interest in ways toimprove the ability to keep data secret, perhaps even from the operatingsystem itself. The MAP_EXCLUSIVEpatch set from Mike Rapoport is one example of the work that is being donein this area; it also shows that the development community has not yetreally begun to figure out how this type of feature should work.
Security updates for Friday Security updates have been issued by CentOS (kernel), Debian (ghostscript, mesa, and postgresql-common), Fedora (chromium, php-robrichards-xmlseclibs, php-robrichards-xmlseclibs3, samba, scap-security-guide, and wpa_supplicant), Mageia (cpio, fribidi, libapreq2, python-numpy, webkit2, and zeromq), openSUSE (ImageMagick, kernel, libtomcrypt, qemu, ucode-intel, and xen), Oracle (kernel), Red Hat (ghostscript, kernel, and kernel-rt), Scientific Linux (ghostscript and kernel), SUSE (bash, enigmail, ghostscript, ImageMagick, kernel, libjpeg-turbo, openconnect, and squid), and Ubuntu (ghostscript, imagemagick, and postgresql-common).
Cook: Security things in Linux v5.3 Kees Cook catchesup with the security improvements in the 5.3 kernel."In recent exploits, one of the steps for making the attacker’s lifeeasier is to disable CPU protections like Supervisor Mode Access (andExecute) Prevention (SMAP and SMEP) by finding a way to write to CPUcontrol registers to disable these features. For example, CR4 controls SMAPand SMEP, where disabling those would let an attacker access and executeuserspace memory from kernel code again, opening up the attack to muchgreater flexibility. CR0 controls Write Protect (WP), which when disabledwould allow an attacker to write to read-only memory like the kernel codeitself. Attacks have been using the kernel’s CR4 and CR0 writing functionsto make these changes (since it’s easier to gain that level of executecontrol), but now the kernel will attempt to 'pin' sensitive bits in CR4and CR0 to avoid them getting disabled. This forces attacks to do more workto enact such register changes going forward."
[$] The Yocto Project 3.0 release The Yocto Project recentlyannounced its 3.0 release, maintaining the spring/fall cadence it has followed for thepast nine years. As well as the expected updates, it contains new thinking ongetting the best of two worlds: source builds and prebuilt binaries. Thisfits well into a landscape where reproducibility and software traceability,all the way through to device updates, are increasingly important to handlecomplex security issues.
Security updates for Thursday Security updates have been issued by Arch Linux (kernel, linux-lts, and linux-zen), CentOS (kernel, sudo, and thunderbird), Debian (linux-4.9), Fedora (samba), openSUSE (apache2-mod_auth_openidc, kernel, qemu, rsyslog, and ucode-intel), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and microcode_ctl), and Ubuntu (kernel, libjpeg-turbo, linux, linux-hwe, linux-oem, linux, linux-hwe, linux-oem-osp1, and qemu).
[$] Analyzing kernel email Digging into the email that provides the cornerstone of Linux kerneldevelopment is an endeavor that has become more popular over the last fewyears. There are some practical reasons for analyzing thekernel mailing lists and for correlating that information with the patchesthat actually reach the mainline, including tracking the path thatpatches take—or don't take. Three researchers reported on some effortsthey have made on kernel email analysis at the 2019Embedded Linux Conference Europe (ELCE), held in late October in Lyon, France.
Announcing the Bytecode Alliance The Bytecode Alliance is anindustry partnership with the aim of forging WebAssembly’s outside-the-browserfuture by collaborating on implementing standards and proposing newones. The newlyformed alliance has "a vision of a WebAssembly ecosystem that issecure by default, fixing cracks in today’s softwarefoundations". The alliance is currently working on a standaloneWebAssembly runtime, two use-case specific runtimes, runtime components,and language tooling.
[$] The 2019 Automated Testing Summit This year saw the second edition of the AutomatedTesting Summit (ATS) and the first that was open to all. Last year's ATS was an invitation-onlygathering of around 35 developers (that was described in an LWN article),while this year's event attractedaround 50 attendees; both were held in conjunction with theEmbedded Linux Conference Europe (ELCE), in Edinburgh, Scotland for 2018and in Lyon, France this year. The basic problem has not changed—morecollaboration is needed between the different kernel testing systems—butthe starting points have been identified and work is progressing, albeitslowly. Part of the problem, of course, is that all of these testingefforts have their own constituencies and customers, who must be kept upand running, even while any of this collaborative development is going on.
Security updates for Wednesday Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, linux-azure, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2, linux-lts-xenial, linux-aws, linux-raspi2, and webkit2gtk).
APT Package Manager on Linux Explained In this tutorial, we are going to focus on Linux package management using the APT package manager. First, we are going to go through a bit of history on the origins of Open Source Software in order to grasp the fundamentals of Linux packages. Later on, we will be focusing a bit more on APT (Advanced Package Tool) and we are to see how you can compile your own programs in order to have custom installations.
Whoami Command in Linux The whoami command is a compound of the words “Who am I?” and prints the name of the user associated with the current effective user ID.
ALT Linux: Worthy Linux Alternatives, With a Catch ALT Linux offers a buffet of Linux distributions that meet a variety of specialized needs. Its inviting selections could be a good source of alternative Linux OS solutions if you take the time to sort out the menus. You might find navigating the poorly designed website a tedious chore. Still, persevering could get you a few tasty options to satisfy your computing appetite.
KaOS Linux Brings Order to the Desktop The KaOS distro is an up-and-coming Linux OS that provides one of the best integrations yet of a refreshed KDE-based computing platform. Two types of users gravitate to this solidly maintained distribution: those who are frustrated by poor user experiences with Linux distros that are bloated and cumbersome to use; and those who want a better and more controlled KDE desktop environment.
Microsoft's Chromium-Based Edge Browser Available as Release Candidate Along with unveiling its new Edge browser logo, Microsoft announced the official launch date of its nearly finished Chromium-based Edge browser and made its Release Candidate available for download immediately. The latest beta edition of the browser is stable enough for anyone to use, Microsoft said, and it will help IT admins prepare for the mid-Jan. 15 rollout.
Latest ExTix: Lots of Flexibility and a Few Flaws ExTiX 19.10, released with the LXQt desktop on Oct. 23, is a customized Linux distro that leaves you wanting more but settling for less. ExTix is a lightweight modular Linux operating system that is part of the Exton Linux/Live Systems family of distributions hosted by The Swedish Linux Society. The ExTix distro line is perhaps the best known of Exton's Linux platforms.
Linux Inside Azure Sphere on the Horizon Azure Sphere will be generally available in Feb 2020, Microsoft has announced. Its scheduled arrival highlights Microsoft's readiness to fulfill its promise for better IoT device security at scale. Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect IoT devices.
Dragora Linux Is Anything But Simple Dragora is a fledgling Linux distribution that neither works out of the box nor is user-friendly. That said, if you have an adventurous interest in practically starting from scratch and somewhat building your own computing platform, Dragora could be an interesting side project to learn how a distribution works on the inside.
Samsung's Support for Linux on DeX Fizzles Samsung has called quits on its effort to provide a full Linux desktop platform for Android. In an email to beta testers last week, Samsung said it would not support its Linux on DeX beta program for future OS and device releases. Samsung's announcement coincides with Google's release of the Android 10 OS update and its rollout on Samsung phones. Neither company will provide Linux on DeX support.
Solus Brightens Computing Across the Linux User Spectrum The Solus Project is alive and well and continues to offer a fresh approach to uncomplicating the computer desktop. That says a lot, given the sometimes sordid developmental path of the almost 5-year-old Linux distribution. Solus 4.0 Linux "Fortitude" was updated earlier this month. The Solus team provided improvements to the distribution's supported desktop environments: Budgie, GNOME and MATE.
'Serious' Linux Sudo Bug's Damage Potential Actually May Be Small Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed. The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, a maintainer of the open source Sudo project.
Austrumi Linux Has Great Potential if You Speak Its Language Austrumi Linux is an unusual distribution. With a little more polish, it could be a good tool for running Linux on any computer you touch without changing anything on the hard drive. Last updated on Oct. 3 to version 4.08, Austrumi Linux is a bootable live Linux distribution based on Slackware Linux. It was created and is maintained by a group of programmers from the Latgale region of Latvia.
MacBook Pro Teardown Confirms the New Keyboard Is Basically Just the Old, Good Keyboard iFixit's teardown of the new 16-inch MacBook Pro confirms that the keyboard uses the more reliable scissor-style switches that Apple first introduced in its Magic Keyboards in 2015. The Verge reports: The switches on the 16-inch MacBook Pro are so similar to the standalone keyboard, in fact, that iFixit's report says that keys are interchangeable between the two products. The change comes after a long, multiyear debate between Apple and customers over the butterfly switches, causing Apple to revamp the mechanism multiple times to block debris and add extra strength. Apple was also forced to acknowledge that the keyboards were problematic, and offered an extended warranty program for those laptops. Per iFixit, the new keys also have more travel when you press them (about 0.5 mm more), and the keycaps themselves are about 0.2 mm thicker compared to the much-maligned butterfly switches. The teardown also notes that the clips that attach the keycaps to the switches appear to be more reinforced to make it easier to remove or replace them down the line.
Supreme Court Will Hear Long-Running Google and Oracle Copyright Lawsuit An anonymous reader quotes a report from CNBC: The Supreme Court said on Friday that it will hear a dispute between tech giants Oracle and Google in a blockbuster case that could lead to billions of dollars in fines and shape copyright law in the internet era. The case concerns 11,500 lines of code that Google was accused of copying from Oracle's Java programming language. Google deployed the code in Android, now the most popular mobile operating system in the world. Oracle sued Google in 2010 alleging that the use of its code in Android violated copyright law. Google won two victories in the lower courts but ultimately lost on appeal before the U.S. Court of Appeals for the Federal Circuit, which ruled last year for Oracle. Oracle has previously said it is entitled to $9 billion in damages, though no official penalty has been set. Java was developed by Sun Microsystems, which Oracle purchased in a deal valued at $7.4 billion that was completed in 2010. Underlying the legal issues in the case is a technical dispute over the nature of the code that Google used. Google has said that the code was essentially functional -- akin to copying the placement of keys on a QWERTY keyboard. Oracle maintains that the code, part of Java's application programming interface, or API, is a creative product, "like the chapter headings and topic sentences of an elaborate literary work." A number of high-profile tech firms urged the top court to take the case in order to side with Google.
Hulu Boosts the Price of Its Live-TV Service Hulu said Friday it will increase the price of its online cable TV alternative product Hulu Live by $10 to $55 a month in what is the latest sign providers are having trouble making money on discounted packages of channels that rival cable. From a report: Hulu Live, which offers about 60 channels such as ESPN and CNN, was first introduced two years ago. The price increase takes effect Dec. 18, the company said in a statement. So-called skinny bundles -- cheaper online alternatives to cable packages -- have struggled recently as budget-conscious consumers seem more willing to just cut out traditional cable networks entirely. Sony is shutting down its offering, PlayStation Vue, in January.
Xbox One November Update Arrives With Google Assistant, Gamertag Updates, More Microsoft's November 2019 update for Xbox One consoles is now headed out to everyone. From a report: After a period of testing with Xbox Insiders, several new features are now rolling out to the public, including Google Assistant support, the option to use any Gamertag, text filters, and more. Perhaps the biggest update here is support for Google Assistant. While it doesn't run on your Xbox, Google Assistant support allows you to issue commands to control your Xbox from your phone or smart speaker. It works much like the Amazon Echo integration that hit Xbox consoles several months ago, letting you turn your Xbox on, launch games, and more with your voice. The Gamertag updates in the November 2019 update bring more choice to players on consoles. Microsoft announced a plan earlier this year to revamp Gamertags, allowing you to choose any name you want. If you pick a Gamertag that's already taken, you'll have a numbered suffix added to it. "With the November 2019 Xbox Update, these gamertag options are now supported on console, including profiles, friend lists, messages, Clubs, LFG and more," Microsoft says.
Billboards Love Streaming Wars Because That's Where Ads End Up Streaming services are the hottest thing in entertainment these days. But when it comes to getting the word out about the newest offerings, it's traditional media that often benefits. From a report: Apple, Disney and other big tech and media giants are increasingly turning to outlets like TV, billboards and newspapers to promote their new online products. Spending on broadcast and cable ads by streaming services jumped 19% to $209 million over the past 10 weeks, according to data from researcher ISpot.TV. The biggest spender was Apple, which launched its Apple TV+ service on Nov. 1. It accounted for almost one-quarter of the spending, followed closely behind by Amazon.com , with $37 million in TV ad purchases. "Television is the easiest place to find people who like TV," said Brian Wieser, global president of business intelligence for GroupM, the ad buying unit of WPP. Disney, which introduced its new Disney+ streaming service on Tuesday, relied heavily on its own networks for marketing. Ads ran on ESPN's Monday Night Football, while ABC aired the first episode of the service's new "High School Musical" series the Friday before the launch. The company also promoted the service on its radio network and in the hotel rooms at its theme parks.
Disney + and 'The Mandalorian' Are Driving People Back To Torrenting An anonymous reader shares a report: A simple glance at torrent websites shows that plenty of people are stealing from the brand new steaming services -- episodes of The Mandalorian and Dickinson all have hundreds or thousands of seeders and are among the most popular shows on torrent sites. I reached out specifically to Disney, Apple, and Netflix to ask what their policy was on going after pirated content, and haven't heard back, but it's obvious that these companies assume that at least some of their viewers aren't paying the full price for their services. Given that you can watch as many as six simultaneous streams with Apple TV+, and four with Disney+ and the top Netflix package, the more common form of piracy -- password sharing -- is built into the system. But for pirates who don't have any access to the legit services, what makes stealing content particularly appealing in this age is that there are few if any people who face consequences for the crime. Since the discontinuation of the "six strikes" copyright policy in 2017, there's been lax enforcement of copyright laws. Rather than going after individuals for exorbitant fines for downloading a handful of songs like copyright holders did a decade ago, enforcement these days has focused on the providers of pirated content, with the much more efficient goal of taking down entire streaming sites rather than just a few of their visitors. Of course, as the continued resilience of The Pirate Bay shows, the current strategy isn't particularly effective at stopping piracy, either. But it does mean that those who only download already-stolen content are safer than they've ever been.
The Org That Doles Out .Org Websites Just Sold Itself To a For-Profit Company Today, the Public Interest Registry (PIR), which maintains the .org top-level domain, announced that it will be acquired by Ethos Capital, a private equity firm. From a report: This move will make PIR, previously a non-profit domain registry, officially part of a for-profit company -- which certainly seems at odds with what .org might represent to some. Originally, ".org" was an alternative to the ".com" that was earmarked for commercial entities, which lent itself to non-profit use. That's not all: On June 30th, ICANN, the non-profit that oversees all domain names on the internet, agreed to remove price caps on rates for .org domain names -- which were previously pretty cheap. Seems like something a for-profit company might want. Removing price caps wasn't exactly a popular idea when it was first proposed on March 18th. According to Review Signal, only six of the more than 3,000 public comments on the proposal were in favor of the change.
Google Almost Made 100,000 Chest X-rays Public -- Until it Realized Personal Data Could Be Exposed Two days before Google was set to publicly post more than 100,000 images of human chest X-rays, the tech giant got a call from the National Institutes of Health, which had provided the images: Some of them still contained details that could be used to identify the patients, a potential privacy and legal violation. From a report: Google abruptly canceled its project with NIH, according to emails reviewed by The Washington Post and an interview with a person familiar with the matter who spoke on the condition of anonymity. But the 2017 incident, which has never been reported, highlights the potential pitfalls of the tech giant's incursions into the world of sensitive health data. Over the course of planning the X-ray project, Google's researchers didn't obtain any legal agreements covering the privacy of patient information, the person said, adding that the company rushed toward publicly announcing the project without properly vetting the data for privacy concerns. The emails about Google's NIH project were part of records obtained from a Freedom of Information Act request. Google's ability to uphold data privacy is under scrutiny as it increasingly inserts itself into people's medical lives. The Internet giant this week said it has partnered with health-care provider Ascension to collect and store personal data for millions of patients, including full names, dates of birth and clinical histories, in order to make smarter recommendations to physicians. But the project raised privacy concerns in part because it wasn't immediately clear whether patients had consented to have their files transferred from Ascension servers or what Google's intentions were.
Taiwan Stops Selling Huawei Phones That Identify It as Part of China Taiwan suspended sales of three Huawei smartphone models that identify Taiwan as part of China, striking a fresh blow in a long-running conflict over references to sovereignty. From a report: Phone carriers were ordered to stop offering Huawei's P30, P3O Pro and Nova 5T models starting Thursday because their displays included the words "Taiwan, China" for time zones and contacts, said Peter Niou, a deputy director at the National Communications Commission in Taipei. The reference impairs Taiwan's "national dignity," Niou said. The halt adds Huawei to the list of global brands, from Coach and Givenchy to JPMorgan, that have had to respond to the sovereignty dispute between separately governed Taiwan and China, which claims Taiwan as part of its territory. The two fashion brands, owned by companies in the U.S. and France, apologized to China's government after offering T-shirts that identified Taiwan as a country.
Apple To Remove Vaping Apps From Store Amid growing health concerns over e-cigarettes, Apple will remove all 181 vaping-related apps from its mobile App Store this morning, Axios reports. From a report: The move comes after at least 42 people have died from vaping-related lung illness, per the CDC. Most of those people had been using cartridges containing THC, though some exclusively used nicotine cartridges. The company has never allowed the sale of vape cartridges directly from apps. But there were apps that let people control the temperature and lighting of their vape pens, and others provided vaping-related news, social networks and games.
OnLogic Karbon 700: Passively-Cooled, Up To 8 Core / 16 Thread Industrial & Rugged PC OnLogic (formerly known as Logic Supply until a recent rebranding) announced the Karbon 700 back in August as a durable Linux-friendly computer largely intended for industrial applications but nothing prevents the user from using it as a passively, well-built desktop PC either. OnLogic recently sent over the Karbon 700 and it's been working out very well even with passively cooling an Intel Xeon eight-core / sixteen-thread processor, 16GB of RAM, 512GB NVMe storage, and more.
Experimental Work Allows DXVK To Be Natively Used For Direct3D 11 On Linux The DXVK Direct3D 10/11 over Vulkan implementation to date has been built as a Windows library run under Wine along with the game/software being rendered for converting the calls to Vulkan for execution by the host drivers. There is now experimental work for building DXVK as a native Linux library for converting D3D10/D3D11 calls to Vulkan outside of Wine...
In this installment of our video IRL, senior editor Daniel Cooper highlights the short-bites marital drama Ste of the Union that you absolutely must not binge. Senior editor Richard Lawler explains why Hulu's shlocky horror movie Little Monsters is worth your time. Little Monsters
Richard Lawler Senior News Editor
In the age of prestige television, sometimes I just need something a little more comfortable to watch, and that's what Little Monsters delivers. After taking a break from the Walking Dead series I wasn't sure if I needed any more zombie content, but this movie on Hulu split the difference between 28 Days Later and Shaun of the Dead.
Instead of a group of 20 somethings stumbling through London, though, this zombie outbreak moves from a US military base in Australia to the amusement park next door. There, Lupita Nyong'o is the teacher, Ms. Caroline, guiding a group of kids on a class trip while Dave, played by Alexander England, does a poor job of chaperoning and an even worse job of trying to impress the teacher.
It's not much for a plot, and makes it even more ridiculous to see legitimate stars like Nyong'o and Josh Gad -- who parachutes in as the deeply troubled children's TV star 'McGiggles' -- hamming it up in what is essentially a B-movie. Lupita's previous horror turn in Us provided a strong performance as she took on two very different characters, and while Little Monsters isn't a better movie, it's an even better example of what she can do. The stakes are never too high, and despite an R-rating the horror is never too gory to make this a truly bad day at the park, and if you're flipping through things to stream late at night, it's an almost perfect pick.
Little Monsters is now streaming on Hulu. State of the Union
From the time we spent with Apple's just-announced 16-inch MacBook Pro, it was obvious that the shallow, unreliable butterfly keyboard design was out and scissor switches were back in. (It didn't hurt that Apple has confirmed the changes on the new MacBook Pro's product page.) But naturally, the teardown team at iFixit was bound to get their hands on the 16-inch MacBook Pro and see exactly how its keyboard compares to ones that came before it. Well, they've just published their results -- and just as expected, the new keyboard is nearly identical to the one in the 2015 MacBook Pro as well as Apple's external Bluetooth Magic Keyboard. That's great new for anyone in the market for a new Apple laptop.
iFixit's story is a good read if you want to get the full, sad tale of the rise and fall of Apple's laptop keyboards. Long story short, Apple replaced the comfortable, highly-lauded keyboard in the MacBook Pro in the fall of 2016, bringing over the thin, butterfly-switch keyboard it originally introduced in the tiny 12-inch MacBook in 2015. People were pretty quickly divided about the new keyboard's shallow travel and rather loud typing sound, but the bigger issue was undoubtably a reliability one. Keys were liable to get stuck or repeat characters if even a small piece of dust or a crumb got in there the right way, and getting them fixed required taking apart the entire laptop. It was, in short, a fiasco.
Apple tried to make the keys more reliable over a few revisions of the butterfly keyboard mechanism, and it also guaranteed to replace any computer with that keyboard if there were issues even after the warranty expired. My own experience with Apple's 13-inch MacBook Pro from this year is that the keyboard is now much more reliable than previous models I've tried -- but it does seem the keyboard is inherently flawed.
It's thus a huge relief that they've gone back to the scissor-style keyboard design, which means more travel and easier repairability. If you want to get up-close and personal with Apple's various keyboard designs over the last few years, definitely check out the photography over at iFixit. We'll have a full review of the new MacBook Pro soon, but in the meantime you can at the very least rest assured that the keyboard is a huge step forward. Now we'll just have to wait for Apple to bring it to the rest of its MacBook lineup.
It's no secret Spotify wants to give you as manyplaylistoptionsas possible, and today it's adding one more. Only this time, the streaming service wants to help you create a list for a specific activity: a road trip. With "Soundtrack your Ride," Spotify will make a playlist for your drive based on the duration of your journey and your answers from a short quiz.
First, you put in your starting point and destination so Spotify can calculate your drive time with the help of Google Maps. Then you're led through a series of questions that gather info like who you're traveling with, your favorite genre for a road trip and what type of car you drive. The questionaire also asks for your "drive vibe" (mellow, sing-a-long, pedal to the metal, etc.) and your "ultimate road trip song." The list there is limited to six options, and nearly all of them directly reference driving, so you have to go with one that's closest to your preference and keep on truckin'.
When you're done, Spotify will compile a playlist that lasts the length of your journey, and save it to the playlists section of the app. Like most of the company's playlist generating tools, Soundtrack your Ride is only available on the web on desktop. You can access it on mobile, but things get trimmed to the point it's not really usable. You can't use it inside any of Spotify's apps either, so you'll need to plan ahead and compile your list before you depart.
Google just made it decidedly easier to beam your personal media collection to your Chromecast device of choice. An updated version of the Files by Google app includes long-in-the-making support for playing your audio, photos and videos on any Chromecast-capable device, whether it's a speaker, smart display or TV. You only have to dive into a section containing media and choose a target. After that, you'll have on-screen playback controls to steer the action from your phone.
This should work with all the media you'd typically play on a Chromecast in the first place, and should be available right away if you have the latest version of Files. The technology behind the app isn't strictly new -- there have been local media casting apps for years, and that's not including individual media apps that can cast their own content. This gives you an official, straightforward option, though, and it could cover the bases in ways that some apps can't.
In what has become an annual reckoning, security research company Kryptowire recently published its 2019 report on the state of manufacturer-installed software and firmware for Android devices and, to no one's surprise, they found more than 140 bugs which could be exploited for malicious purposes.
The DHS-funded report uncovered 146 apps, which come pre-installed on inexpensive Android handsets, would pull shenanigans like eavesdropping through the microphone, unilaterally changing their permissions or surreptitiously transmitting data back to the manufacturer without ever notifying the user.
Kryptowire found these bugs on phones from 29 different manufacturers from relatively unknowns like Cubot and Doogee to marquee companies include Sony. And given that the average Android come with anywhere from 100 to 400 apps pre-installed, often bundled as part of larger app suites, these vulnerabilities pose a growing threat to users.
The problem isn't unsolvable, mind you. "Google can demand more thorough code analysis and vendor responsibility for their software products that enter the Android ecosystems," Kryptowire CEO Angelos Stavrou told CNET
Porsche’s Taycan lives up to its EV hype Driving a Porsche -- regardless of its body style -- is filled with expectations. The vehicle should go fast while whipping around corners. So it's no surprise that the automaker's electric Taycan (pronounced Tie Khan) offers those things. The revelation is that it does so, even with the heft of a 93.4kWh battery pack.
Electric vehicles are great at accelerating quickly, helped along by that low center of gravity (because of all that battery weight). But the laws of physics still apply and cornering can be a challenge if an automaker wants to give drivers more than 100 miles of range. More range means more battery and more battery means more weight. But the automaker has decades of experience getting cars around tracks in the quickest manner possible and it applied that wealth of knowledge to its first electric vehicle. The result is spectacular.
Angeles Crest Highway is one of the go-to destinations for performance drivers in Southern California. The mountain road is filled with switchbacks, long sweeping turns, and beautiful views. It's ideal for testing an electric sports car.
During my time behind the wheel of the Taycan, the vehicle handled tight corners with precision. Yes, the mass of battery under the seating area made itself known, but it was less prevalent than I expected. The vehicle's air suspension and dynamic chassis control do a lot of the heavy lifting here, making the car feel lighter than it actually is.
Yet the steering was tight without feeling twitchy. That makes the car ideal, not just for back-road and track days, but also daily use. In fact, in order to get to (and back from) Angeles Crest Highway, I had to do a lot of freeway and city driving. During that time, the Taycan displayed more composure on rutted bumpy roads than I anticipated.
The automaker says that the Taycan's ride sits between the Panamera and the 911. So it's not as smooth as a high-end luxury vehicle, but it is impressively composed on the roads it'll spend a majority of its time traversing.
Some of that ride quality comes from the electric powertrain. EVs just have a smoother ride because they're not battling the forces of an internal combustion engine while driving. Also, they go fast. In the case of the Porsche Taycan, it goes very fast.
I drove the Turbo S version of the Taycan with its 750 horsepower and 774 pounds of torque. It'll do zero to 60 in an internal organ-warping 2.6 seconds. It'll perform this feat again and again and again as I continually jam down the accelerator between corners in the mountains. Thermal management is tough though, and it's the reason some EVs can't continually and reliably perform at their peak. Porsche's engineers decided that if they were going to put the company's badge on a car, it should perform like its internal-combustion siblings.
For the most part, it does. But it's unlikely most drivers will ever use the full potential of the Turbo S. The $185,000 price tag makes this the ultimate enthusiasts Taycan. For the rest of those interested in the car, the $151,000 Turbo will probably do the trick with its 670 horsepower and 626 pounds of torque. Or better yet, the $103,000 4S coming next year that'll do zero to 60 in 3.8 seconds.
Regardless of which version of the Taycan someone (with a lot of money) buys, they should be happy with the interior. Like other Porsches, the inside is driver-focused. The new digital dash cluster is bright and clear and even with the glare of the sun beating down on it, was easy to read. More importantly, it's simple to navigate between the on-screen features using the controls on the steering wheel.
The infotainment system in the dash is an updated version of the automaker's PCM system. I didn't notice any latency and I'm still a fan of the customizable home screen. There was some oddness with the navigation, but Porsche was very upfront about the fact that we were driving pre-production Taycans. So I'll have to wait until I get some serious time behind the wheel of a production vehicle to really put the system through its paces.
While we wait, it was nice to see Porsche jump onto the voice-assistant bandwagon. A simple "Hey Porsche" launches the feature and it does the usual tricks. But again, a production vehicle with final software will be needed for a proper test of the feature.
Below the infotainment display is a secondary touchscreen that controls the climate features with quick-launch buttons for navigation, media, phone and settings on the main screen. At the bottom of the secondary display is an area for navigating the main touchscreen and writing out addresses. The biggest issue here is that the cup holders in the center console are right in front of it. So if you have a coffee or soda there, you have to reach around it to use the lower portion of the screen.
Fortunately, the rest of the interior makes more sense and is very comfortable. I found the front seats to be both supportive and cushy enough for a long day of performance and freeway driving. The back seats, however, can be tight if you're sitting behind someone tall.
If you're in the driver's seat, you'll be happy to know that the vehicle's adaptive cruise control is outstanding in traffic. It handled cut-ins without incident and is a bit more aggressive to get you back up to speed when it encounters a hole in traffic. A plus for anyone in cities like Los Angeles where someone will tailgate you if you don't immediately fill a gap in front of you while on the highway.
The lane keep assist is there to nudge you back into your lane, but it's very subtle. It's ideal for a sports car, but I ended up just shutting it off after about an hour of driving.
Whether you're on the highway or backroads, bringing the Taycan to a stop adds another level of tech to the car. Up to 90 percent of the stopping power is from regenerative braking. Even in the Turbo S while pushing the vehicle, most of the braking came from the electric motor slowing the car down. Porsche says braking can create 265kW of power for the car. That's impressive and it means that the car's brake pads won't need to be changed for quite a while.
I will say, that in hard braking when the car hands off the braking to the hardware there's a noticeable surge in stopping power. It can be alarming during high-performance driving the first time it happens. You will start to anticipate it after a few hours, but I'd rather have smooth braking from start to finish.
Weird braking issues aside, the Taycan is an impressive piece of engineering. Even in pre-production form, the car feels solid and ready for everything from cruising around town to tackling the track. The car's ability to recharge at up to 270kW means if you find a charging station that can push out that much power, you'll be back on the road quickly. And frankly, once you get behind the wheel of the Taycan, that's exactly what you're going to want to do.
Twitter has finally outlined how its ban on political ads will work, and it's considerably clearer -- if not as clear as some would like. When the ban takes effect on November 22nd, it'll bar ads for anything referring to candidates, parties, existing officials, legislation, regulation, ballot measures and referendums. They also can't rally for votes or financial help. Politicians effectively can't run ads, in other words. It also forbids ads from PACs and other organizations that fuel campaigns. However, the bigger changes for some may involve new policies limiting "cause-based advertising" on the social network.
The new rules will restrict ads for contentious subjects like abortion and climate change. Some keywords, such as "conservative" and "liberal," won't be allowed as a matter of course. The list of barred keywords will receive continuous updates, Twitter said. The company's new policies also curb the use of microtargeting, or attempts to skew elections by aiming ads at narrow demographics. Issue advertisers won't be allowed to target ads based on criteria like age, ethnicity and specific location, although state-level targeting will be permitted.
Like politicians, issue advertisers won't be allowed to champion specific political actions. News publishers who are already exempt from Twitter's issue rules (at least 200,000 visitors in the US, not primarily user-submitted and not focused on one issue) are allowed to advertise based on their fact-based reporting, but not to endorse candidates or banned topics.
There are concerns about how well Twitter will enforce the new policies. Facebook blocked innocuous LGBT ads due to its approach to issue ads -- will Twitter risk similar problems? There are also questions as to whether Twitter will have a consistent definition of fact-based reporting in light of allegations of political bias. Legal and policy VP Vijaya Gadde said Twitter was prepared for the possibility of "[making] some mistakes," though, and made clear that the site would have to "improve this policy over time." If you're not a fan of the rules as they are, don't be surprised if they evolve before long. Today, we're sharing the full details of Twitter's new political ads policy. I encourage you to read through it for the full detail, but I wanted to share some of the thinking that went into its creation. This new policy goes into effect on 11/22.https://t.co/iz9lVJ016s — Vijaya Gadde (@vijaya) November 15, 2019 Via: CNBC, The Verge
Apple TV+ has only just rolled out and it's already nabbed one of the biggest names in showbiz. Acting legend Gary Oldman is set to star in spy drama Slow Horses, an adaptation of Mick Herron's Slough House books, according to Variety.
The show -- named after the first novel in Herron's series -- tells the story of a team of British intelligence agents banished to MI5's lackluster Slough House department due to making major mistakes in the field. Oldman plays the group's leader, the clever but curmudgeonly Jackson Lamb.
The role is a departure from the norm for the Academy Award-winning Gary Oldman, who has held few TV parts during his illustrious movie career, which includes the likes of Tinker Tailor Soldier Spy, the Harry Potter franchise, Dark Knight and True Romance. Perhaps this is an appetizing taste of what's yet to come on Apple's newly-launched platform.
Hulu's live TV streaming is about to get more expensive. The company announced today that its Hulu + Live TV option would increase to $54.99 a month starting December 18th. This is the second time this year the company has raised its rate on live television streaming. In February, there was a $5/month hike to $45.99 -- up from the $39.99 price when the service debuted in 2017.
"The new price better reflects the substantial value of Hulu + Live TV and allows us to continue offering all of the popular live news, sports and entertainment programming included in the plan," the company explained in the announcement.
To help ease the pain, the company recommends switching to streaming-only plans during times of the year when you don't need live TV. It gave the end of football season as an example. Sure, that works, but it's not necessarily an ideal scenario, especially for those of us who are terrible at planning or remembering to cancel.
At $54.99 per month, Hulu + Live TV is now $5 a month more than YouTube TV. Hulu isn't the only company raising rates though, as AT&T did the same in October. As live TV streaming becomes increasingly more popular, and services continue to expand their content lineup, higher prices are inevitable. Which begs the question: Is this really better than cable?
If you need something from pop culture brought to life, then the first person to call is Colin Furze, YouTube's own mad inventor. Furze has already made working versions of the hit the Switch on October 15th.
Furze took the engine from a petrol-powered chainsaw and retrofitted it, with plenty of cunning, into the middle of a tyre. With some extra adornments and a remote control, the RIP-tire managed to cut a paint can and smash several panes of glass. Obviously, Furze breaks down how he made the device in the clip, and teases that there are more modifications to come in future.
And, of course, don't forget that Overwatch is available to play on all good consoles, so get your practice in before Overwatch 2 drops at some point in the future.
Developer runs Windows 10 IoT Core on a graphing calculator An independent developer has managed to hack a Calculator to run Windows 10 operating system, but it’s not a basic or scientific calculator that we normally use. According to the photos, the device is actually the HP’s Prime Graphing Calculator which comes with a touch screen interface, and good industrial design. The photos shared by the developer Ben shows off Windows 10 IoT (Internet of Things) edition running on the HP Prime Graphing Calculator. Perhaps not the most useful hack in the world, but still very cool.
Supreme Court agrees to review disastrous ruling on API copyrights Ars Technica reports: The Supreme Court has agreed to review one of the decades most significant software copyright decisions: last years ruling by an appeals court that Google infringed Oracles copyrights when Google created an independent implementation of the Java programming language. The 2018 ruling by the Federal Circuit appeals court will upend the longstanding expectation of software developers that they are free to use existing software interfaces to build new computer programs,! Google wrote in its January petition to the Supreme Court. In a sane world, this idiotic ruling would be overturned and Larry Ellison cries in his huge pile of money. Sadly, this world is far from sane, so this could really go either way.
The AMD Ryzen 9 3950X review: 16 cores on 7nm with PCIe 4.0 Deciding between building a mainstream PC and a high-end desktop has historically been very clear cut: if budget is a concern, and youre interested in gaming, then typically a user looks to the mainstream. Otherwise, if a user is looking to do more professional high-compute work, then they look at the high-end desktop. Over the course of AMD’s recent run of high-core count Ryzen processors that line has blurred. This year, that line has disappeared. Even in 2016, mainstream CPUs used to top out at four cores: today they now top out at sixteen. Does anyone need sixteen cores? Yes. Does everyone need sixteen cores? No. Do I want sixteen cores? Yes.
1Password takes 200 million in venture capital I wanted to be the first one to tell you: I’m incredibly proud to announce that we’ve partnered with Accel to help 1Password continue the amazing growth and success we’ve seen over the past 14 years. Accel will be investing USD$200 million for a minority stake in 1Password. Along with the investment – their largest initial investment in their 35-year history – Accel brings the experience and expertise we need to grow further and faster. I use 1Password, and Im deeply skeptical of venture capital investments like these. 1Password has been profitable since its founding, so this investment is not a make-or-break kind of thing, which makes me worried about the future. Password managers require a lot of trust from their users, and trust is not something I give to venture capitalists.
Microsoft is working to bring 64-bit Intel app emulation to Windows on ARM With Microsofts launch of the Surface Pro X last week, questions were once again raised about the apps that can run on it. The answer is that like any Windows 10 on ARM PC, it can run native ARM (ARM and ARM64) apps, and it can run emulated 32-bit Intel (x86) apps. This leaves out 64-bit Intel (AMD64, or x64) apps, so if you want an app thats only available in an x64 flavor, such as Adobe Premiere Pro or Photoshop Elements, you cant use it. Thats going to change though. Speaking with several sources, I can confirm that Microsoft is indeed working on bringing x64 app emulation to Windows on ARM. When that will happen is a bit more unclear, but it seems like it could be in Windows 10 21H1, which would mean that the general public will have access to it in the first half of 2021, and Windows Insiders will be able to test it out next year. Developing tools and technologies like this always carries an inherent risk if its slow and cumbersome, people will complain and wont want to use your operating system. If its fast and seamless, however, developers have little to no incentive to develop native ARM64 applications for Windows on ARM. Thats a fine line to tread, and definitely something Microsoft will have issues with. On a related note, the ARM64 version of Microsofts new Edge browser has been released.
Windows 10 to disallow WEP encryption Microsoft is planning to remove WEP encryption from Windows 10. Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. WEP is very old it entered the scene in 1997 and was cracked in 2001. Its incredibly easy to crack, so it only makes sense to remove this outdated feature from Windows.
Apple debuts new MacBook Pro with working keyboard The updated 16-inch MacBook Pro features a larger display with slimmer bezels than the 15-inch MacBook Pro, which it has replaced in Apples notebook lineup. The display has a resolution of 30721920 pixels with up to 500 nits of brightness. The notebook features an updated Magic Keyboard! that does away with the unpopular butterfly mechanism, returning instead to a more reliable scissor mechanism with 1mm key travel, along with Intels latest 9th-generation processors with up to 8 cores. It also has up to 64GB of RAM and up to 8TB of SSD storage. Above the keyboard, the Touch Bar lives on, but the 16-inch MacBook Pro marks the return of a physical Esc key. In line with the latest MacBook Air, the Touch ID sensor has also been separated from the Touch Bar. It took them 4 years, but Apple finally remembered how to make a keyboard. Aside from the new MacBook Pro, Apple also announced the new Mac Pro will be available in December.
BBC feature on Terry Davis of TempleOS When a homeless man was accidentally killed by a train on the 11/08/18 in The Dalles, Oregon, no one realised how many people it would effect. The man was a computer programmer called Terry Davis and he was on a mission from God. Hed designed an entire operating system called Temple OS and according to Terry its creation had been a direct instruction from God himself. As a fellow programmer explained it, you can imagine how over time one man might build a house, but this is like building a sky scraper, on your own! And this was all done while Terry battled a diagnosis of schizophrenia. Aleks Krotoski searches the emails, web posts and live streams to piece together the life of a remarkable individual whos work touched so many and is now celebrated not just as a technological achievement but an artistic one. Davis story was a sad one, and partially intertwined with OSNews and the crew here. His behaviour meant we eventually had to ban him from the site, but even after that, then-OSNews editor Kroc Kamen worked with him for an OSNews article.
Tearing apart printf() If Hello World is the first program for C students, then printf() is probably the first function. Ive had to answer questions about printf() many times over the years, so Ive finally set aside time for an informal writeup. The common questions fit roughly in to two forms: Easy: How does printf mechanically solve the format problem?Complex: How does printf actually display text on my console? My usual answer? Just open up stdio.h and track it down! This wild goose chase is not only a great learning experience, but also an interesting test for the dedicated beginner. Will they come back with an answer? If so, how detailed is it? What IS a good answer? This is incredibly detailed and definitely over my head, but Im sure many of you will enjoy this one greatly.
Google’s secret ‘Project Nightingale’ gathers personal health data on millions of Americans Google is teaming with one of the country’s largest health-care systems on a secret project to collect and crunch the detailed personal health information of millions of Americans across 21 states, according to people familiar with the matter and internal documents. The data involved in Project Nightingale includes lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth. Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter. Theres a lot of money to be made in healthcare, and it was only a matter of time before creepy technology companies like Google would want a piece of this pie through massive amounts of personal information. Technically, this is all above board, though. Its fully within federal regulations and laws, so this practice is unlikely to stop.
Linux Journal Ceases Publication: An Awkward Goodbye by Kyle RankinIMPORTANT NOTICE FROM LINUX JOURNAL, LLC:On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen. –Linux Journal, LLC
Final Letter from the Editor: The Awkward Goodbye
by Kyle Rankin
Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.
That's basically this post.
So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye.
Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article
Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash. Figure 1. A Typical Kernel Panic
Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux. Installing the Required Packages First and foremost, your kernel should have the following components statically built in to its image: CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y You can find this in /boot/config-`uname -r`.
Make sure that your operating system is up to date with the latest-and-greatest package versions: $ sudo apt update && sudo apt upgrade Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu): $ sudo apt install gcc make binutils linux-headers-`uname -r` ↪kdump-tools crash `uname -r`-dbg Note: Package names may vary across distributions.
During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2). Figure 2. kexec Configuration Menu
And to enable kdump to run and load at system boot, answer "yes" (Figure 3). Figure 3. kdump Configuration Menu Configuring kdump Open the /etc/default/kdump-tools file, and at the very top, you should see the following: Go to Full Article
Loadsharers: Funding the Load-Bearing Internet Person by Eric S. Raymond The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.
These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.
That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.
(If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)
Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this: Go to Full Article
Documenting Proper Git Usage by Zack Brown Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.
The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.
It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.
One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.
On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.
So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.
Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.
Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.
"If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."
Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone. Go to Full Article
Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.
A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.
I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.
And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.
So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work. What Is asyncio? Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.
All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process. Go to Full Article
Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since. What Works Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.
It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.
The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal. Go to Full Article
Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.
Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
However, Linus Torvalds swooped in at this particular moment, saying:
Ugh, I hate it.
I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.
IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".
Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.
And the portcullis came crashing down.
It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.
Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to firstname.lastname@example.org. Go to Full Article
Experts Attempt to Explain DevOps--and Almost Succeed by Bryan Lunduke What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.
The word DevOps confuses me.
I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.
It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:
DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.
My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could: Automation Engineer: people that automate testing software. Software Development Engineer in Test: people that make tools for the testers to use. Software Development Engineer: aka "Coder", aka "Programmer". Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!" Dev Manager: like a Dev Lead, with less programming, more managing. Director of Engineering: the manager of the managers of the programmers. Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed." During my various times with fancy-pants titles, I managed teams that included: Go to Full Article
DNA Geometry with cadnano by Joey Bernard This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.
Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.
Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands: sudo apt-get install python3 python3-pip I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.
Changing directory into the source directory, you can build and install cadnano with: python setup.py install Now your cadnano should be available within the virtualenv.
You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side. Figure 1. When you first start cadnano, you get a completely blank work space.
In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button. Figure 2. Start your construction with one of the available geometric frameworks. Go to Full Article
Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.
Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.
You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.
Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing. Go to Full Article
Page last modified on October 08, 2013, at 07:08 PM