Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column)

LinuxSecurity - Security Advisories





  • Fedora 31: bird FEDORA-2019-ff0f9ce167
    BIRD 2.0.6 (2019-09-10) * BGP: Optional Adj-RIB-Out * BGP: Extended optional parameters length * Filter: Sets and set expressions in path masks * Several important bugfixes



  • Debian: DSA-4523-1: thunderbird security update
    Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.





LWN.net

  • [$] Dealing with automated kernel bug reports
    There is value in automatic testing systems, but they also present aproblem of their own:how can one keep up with the high volume of bug reports that they generate?At the 2019 Linux Kernel Maintainers Summit, Shuah Khan ran a sessiondedicated to this issue. There was general agreement that the reports arehard to deal with, but not a lot of progress toward a solution.


  • [$] Defragmenting the kernel development process
    The first session at the 2019 Linux Kernel Maintainers Summit was alast-minute addition to the schedule. Dmitry Vyukov's Linux PlumbersConference session on the kernel development process (slides[PDF]) had inspired a number of discussions that, it was agreed, shouldcarry over into the summit. The result was a wide-ranging conversationabout the kernel's development tools and what could be done to improvethem.


  • Security updates for Friday
    Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat).


  • [$] Comparing GCC and Clang security features
    Hardening must be performed at all levels of a system, including in thecompiler that is used to build that system. There are two viable compilersin the free-software community now, each of which offers a different set ofsecurity features. Kees Cook ran a session during the Toolchainsmicroconference at the 2019 LinuxPlumbers Conference that examined the security-feature support providedby both GCC and LLVM Clang, noting the places where each one could stand toimprove.


  • Security updates for Thursday
    Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk).



  • [$] Topics from the Open Printing microconference
    On day two of the 2019Linux Plumbers Conference, two of the principals behind the Open Printingproject led the very first Open Printingmicroconference. Project leader Till Kamppeter and program managerAveek Basu described the current state of printing on Linux and some of theplans for the future, including supporting scanning for multi-functiondevices. The picture they painted was rosy, at least for printing, whichmay not quite match the experience of many Linux users. As with manyprojects, though, Open Printing is starved for contributors—something thatwas reflected in the sparse attendance at the microconference.


  • [$] The USB debugging arsenal
    At the 2019EmbeddedLinux Conference North America, which was held in San Diego in August,Krzysztof Opasiak gave a presentation on demystifying the ways to monitor—andeven change—USB traffic on a Linux system. He started with the basics ofthe USB protocol and worked up into software and hardware tools toobserve, modify, and fuzz the messages that get sent. Those tools are part of thearsenal that is available to those interested in looking deeply into USB.


  • [$] SGX and security modules
    Software Guard Extensions (SGX) is a set of security-relatedinstructions for Intel processors; it allows the creation of privateregions of memory, called "enclaves". The aim of this feature is to worklike an inverted sandbox: instead of protecting the system from maliciouscode, it protects an application from a compromised kernel hypervisor,or other application. Linux support for SGX has existed out-of-treefor years, and the effort of upstreaming it has reached animpressive version22 of the patch set. During the upstreaming discussion, the kerneldevelopers discoveredthat the proposed SGX API did not play nicely with existing securitymechanisms, including Linux security modules(LSMs).


  • Security updates for Wednesday
    Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).



LXer Linux News

  • GNOME 3.34 released - coming soon in Fedora 31
    Today the GNOME project announced the release of GNOME 3.34. This latest release of GNOME will be the default desktop environment in Fedora 31 Workstation. The Beta release of Fedora 31 is currently expected in the next week or two, with the Final release scheduled for late October. GNOME 3.34 includes a number of new […]


  • Meet PineTime: A $25 Linux Smartwatch in Making
    After budget friendly Pine Tab, Pine Phone and Pine Notebook, PINE64 just revealed that it is working on a Linux based smartwatch called PineTime. It should cost around $25 when it is available.





  • How To List Users and Groups on Linux
    On Linux, as a system administrator, you often want to have a complete list of all the users and all the groups on your host. It is quite crucial for security purposes to make sure that you have the correct amount of users and that you didn’t forget to delete some. There are several ways to list users and groups on Linux.


  • An introduction to Virtual Machine Manager
    In my series about GNOME Boxes, I explained how Linux users can quickly spin up virtual machines on their desktop without much fuss. Boxes is ideal for creating virtual machines in a pinch when a simple configuration is all you need.


  • Are Application Servers Dying a Slow Death?
    There has been concern for nearly five years application servers are dead. Truth be told, they are not dead, but is their usage in decline? The simple answer is yes. Over the years, it appears corporate environments have decided the return on investment is not there when looking at Java application servers. On the surface, one might assume that the likes of WebSphere or WebLogic might be the ones in decline due to cost.


  • Akademy 2019 Wednesday and Thursday BoF Wrapup
    Wednesday continued the Akademy BoFs, group sessions and hacking in the morning followed by the daytrip in the afternoon to Lake Como, to have some fun, get away from laptops and get to know each other better. Thursday was back to BoFs, meetings and hacking culminating in a wrapup session at the end covering the last two days so that what happened in the different rooms can be shared with everyone including those not present.



[[LinuxInsider

	Copyright 2019
	http://www.linuxinsider.com|Linux Insider"LinuxInsider"]]
  • Archman Linux: Pure Arch With Extra Flair
    Archman is an Arch Linux-based rolling distribution featuring the Calamares system installer, Pamac package manager, and a selection of preconfigured desktop environments. The distro's name is derived from the combination of Arch Linux and Pacman package management. The new version comes with a customized Xfce 4.14 desktop environment. The customization is immediately noticeable.


  • New OSGeoLive Release Opens Doors to Geospatial Worlds
    If you ever have considered investigating or working with elements of the geospatial world, check out the latest edition of OSGeoLive, a Linux distribution that runs directly from a bootable DVD or USB thumb drive. You also can load a pre-made virtual machine disk file that runs in a VMware Workstation or VirtualBox environment. Or you can install it on a hard drive the old-fashioned way.


  • Drauger OS Makes a Capable Linux Game Console Platform
    Drauger OS is a relatively new Linux distro for users with a penchant for games. Several design elements make this Linux gaming platform different from typical distributions that merely pack digital titles. However, it lacks a few productivity tools that otherwise would make it a daily computing driver out of the box. This is a distro targeting game players who want good desktop performance.


  • Cryptocurrency OS Makes It Easy to Buy and Spend Digital Cash
    If you are ready to jump into the digital world of a bitcoin economy, Cryptocurrency OS might be your most convenient way to fast-track your entry. Cryptocurrency OS is a specialty Linux distribution that serves a niche user market destined to grow as the crypto economy continues to develop. This distro is packed with all the tools you need to create and manage your crypto accounts.


  • Slackel Linux Works Well Inside Its Openbox
    The latest release of Slackel Linux renews and improves the mashup of Slackware and Salix built around an Openbox pseudo desktop environment. Slackel 7.2 hit the download servers on July 20, eight months after the release of Slackel 7.1 Openbox edition. Slackel also is available in two older versions running the KDE and Fluxbox environments. All releases are available in 64-bit and 32-bit builds.


  • How to Distro Hop With a Web Browser
    Getting familiar with Linux up close and personal is easy to do with a free service provided by DistroTest.net, which allows testing without ISO downloads or local installations. Are you a wandering Linux distro hopper looking for a way to streamline the selection process? Are you a Windows or macOS user who wants to try Linux? Linux has countless distributions and dozens of desktop environments.


  • Newcomer EndeavourOS Offers a Friendlier Arch Linux Experience
    Good-bye Antergos Linux. Welcome to the Arch neighborhood, EndeavourOS. Here's hoping that you are well received! That may seem like a strange way to begin this week's Linux review discussion. After all, Linux distributions come and go far too often. However, the handoff from Antergos to EndeavourOS is significant. EndeavourOS is a new Arch-based Linux distro that picks up where Antergos left off.


  • TROM-Jaro: A New Twist on Open Source Freedom
    TROM-Jaro Linux offers a new twist on the concept of open source as free software. First released as a beta version last December, TROM-Jaro's second and current non-beta release pushed out in June. This new distro is a custom-built version of the popular Manjaro Arch Linux. It is probably more accurate to describe TROM-Jaro as a strategically modified version of Manjaro Linux.


  • GitHub Blocks Devs in US-Sanctioned Regions
    GitHub is blocking users in Crimea, Cuba, Iran, North Korea and Syria from accessing its services to comply with U.S. trade control laws. The Microsoft-owned company disclosed the action on a support page as a courtesy, noting that GitHub users ultimately are responsible for ensuring that their use of GitHub's products and services complies with all applicable laws and regulations.


  • Emmabunts Is a Hidden Linux Gem
    Emmabunts is a great find if you are looking for an all-around Linux operating system that keeps legacy computers out of the trash heap and is easy to use with no setup or regular Internet access required. This distro is not one whose name is readily recognizable. Hidden from popular view, it's seldom spotted by product reviewers. Yet it has fulfilled a range of user needs for years.



Slashdot

  • Pine64 Confirms $25 'PineTime' Smartwatch for Linux Smartphones
    Besides their Linux laptops, single-board computers, and tablets, Pine64 is now also working on "PineTime," a new $25 smartwatch for Linux smartphones running open source software (and based on either ARM Mbed or FreeRTOS), reports Liliputing.com:  The company describes the PineTime watch as a companion for Linux smartphones... you know, like the company's upcoming $150 PinePhone. For either or both of those reasons, it could appeal to folks who may not have wanted in on the smartphone space until now...   The PineTime uses an existing watch body that's used by other device makers, but Pine64 is choosing custom internal hardware. The PineTime will support Bluetooth 5.0, a heart rate monitor, and multi-day battery life and the watch features a zinc alloy & plastic case and comes with a charging dock...   At this point the PineTime is described as a side project, which means it's not a top priority for Pine64. While the company says the picture above is an actual photo of a prototype, Pine64 is still seeking software developers interested in contributing to the project, and the company's primary focus at this point will still be other upcoming devices like the PineBook Pro laptop and PinePhone smartphone.
            

    Read more of this story at Slashdot.


  • Linux 5.3 Released
    "Linux 5.3 has been released," writes diegocg:  This release includes support for AMD Navi GPUs; support for the umwait x86 instructions that let processes wait for short amounts of time without spinning loops; a 'utilization clamping' mechanism that is used to boost interactivity on power-asymmetric CPUs used in phones; a new pidfd_open(2) system call that completes the work done to let users deal with the PID reuse problem; 16 millions of new IPv4 addresses in the 0.0.0.0/8 range are made available; support for Zhaoxin x86 CPUs; support Intel Speed Select for easier power selection in Xeon servers; and support for the lightweight hypervisor ACRN, built for embedded IoT devices. As always, many other new drivers and improvements can be found in the changelog.
            

    Read more of this story at Slashdot.


  • Online Lenders Publicly Shame Debtors in the Philippines Using Their Facebook Contacts
    A man named Roger was surprised to hear from an old college friend after all these years, reports the Philippine Daily Inquirer -- and even more surprised to find out why.  What she wanted to know was why he gave her number to an online lending company that was hounding him at that time. The company told her that he was in debt and needed to pay up. Roger took out a loan using the company's app back in May, after seeing an ad on Facebook. His payment had been overdue for a week when the company contacted his college friend. But in fact he didn't give the company her number. The company tapped his contact list, then messaged his college friend to get him to make good on his debt. The company also called his wife and threatened to report him to his boss so he would lose his job. Roger, 26, has since paid back the loan. And he vowed to never use the app again...   Roger is not alone. The National Privacy Commission (NPC) has reported receiving 921 formal complaints since July 2018 about online lending companies who publicly shame borrowers to get them to pay up... Three companies are facing cases filed by the NPC for violating the Data Privacy Act of 2012... Privacy Commissioner Raymund Enriquez Liboro earlier released copies of the investigators' fact-finding reports, which recommended criminal prosecution of the board members of the three companies. "The investigation determined that their business practice specifically targets the privacy of persons, practically making a profit out of people's fear of losing face and dignity. These unethical practices simply have no place in a civilized society and must stop," Liboro then said...   In an affidavit sent to the NPC, one complainant said Fast Cash threatened to post her selfies on Facebook. Another said the CashLending app changed her profile picture on Facebook to an obscene picture... None of these would have happened unless the users gave permission to these apps. But many users backed into a corner by circumstance didn't have a choice. Roger, for one, said he could not use the app unless he agreed that the company could access his contacts... [T]he NPC argued that although the users gave their approval, the lack of easily understandable and clear information, among other factors, meant that it was not a "valid" consent... Among the charges filed against the companies are noncompliance with the legal requirements of processing personal data, as well as malicious and unauthorized disclosure. Their operators may face imprisonment of up to seven years and fines of not more than P5 million [about $97,000 U.S. dollars] under the Data Privacy Act of 2012.     One person who filed a formal complaint with the government later received a discouraging text message from the company in question. "Before you sue us, we already [sent] a text blast to all of your contacts. We know your home address, your office and even your ugly face. Good luck with your privacy law."
            

    Read more of this story at Slashdot.


  • FCC Fails, Robocalls (and Complaints) Increase, Along with Number-Hijacking
    "Despite new initiatives by the Federal Communications Commission (FCC) and carriers, robocalls aren't on the wane," reports Forbes.   "Americans are still facing a scourge of 200 million unwanted robocalls a day, according to a report from Transaction Network Services (TNS), a major telecommunications network and services company. And nearly 30% of all U.S. calls were negative (nuisance, scam or fraud calls) in the first six months of the year, TNS said..."  Nuisance calls jumped 38% from the third quarter of last year, while high-risk calls -- such as scammers targeting identity theft -- were up 28%, TNS said. And the FCC actually saw an 8% increase year-over year in consumer robocall complaints when comparing February-June 2019 to February-June 2018, as cited by TNS in the report. There is a limit to what major U.S. carriers can do. They are only a small part of the problem, TNS said. While 70% of all calls (normal calls and unwanted calls) come from major U.S. carriers, only 12% of the high-risk calls are from the big carriers. That means the problem lies with lesser-known providers...   A growing threat is robocall hijacking -- when a subscriber's number is hijacked by a bad guy -- doubling over last year's figure, TNS said. TNS estimates that 1 in 1,700 numbers were hijacked by spoofers in 28 day-period. In the last report the frequency was only 1 in 4,000. In one case of hijacking, a spoofer placed over 36,000 scam calls in a 3-day period according to the TNS report.   Another spoofing threat cited in the report is that of legitimate toll-free numbers of leading tech companies. Here, the scammer will claim there is something wrong with the victim's account at the company and try to get personal information.   You can stop getting robocalls with a "simple but very effective" solution, according to the article. Both Android and iOS phones have a "Do Not Disturb" option in Settings -- so just enable that for everyone except your own contacts.
            

    Read more of this story at Slashdot.


  • 'King of Kong' Billy Mitchell Argues He Was Framed for Donkey Kong Cheating, Threatens Legal Action
    "Billy Mitchell, the former Donkey Kong and Pac-Man high-score champion made famous in the 2007 film The King of Kong, has threatened legal action against the sanctioning bodies who threw out all of Mitchell's high scores in April 2018 after finding that two were illegitimate," reports Polygon. This week, lawyers for Mitchell sent a letter to Twin Galaxies and Guinness World Records demanding that both "retract their claims against Billy Mitchell" and restore the scores to their world record leaderboards, where Mitchell had been a fixture since the early 1980s... The letter to Twin Galaxies alleges that it defamed Mitchell, both in its findings and in later posts to their website.  In banning Mitchell, Twin Galaxies also vacated records that were not in question, and banned Mitchell from further participation in their leaderboards. One of Mitchell's records thrown out was a "perfect score" in Pac-Man (reaching the maximum number of points available in its 255 levels). Mitchell's attorneys say Twin Galaxies implied that score was tainted by cheating, too.   Guinness, say the lawyers, cited that disqualification in its 2019 Gamers Edition compilation of records in saying that Mitchell's "submitted scores were obtained while using [the emulator] MAME," which the attorneys take to mean as applying to all of Mitchell's scores, from 1982 to present day. They say that is factually incorrect and also impossible, as MAME was created in 1997...   The letter also alleges that Twin Galaxies "did not provide Billy Mitchell fair opportunity to provide evidence to prove his innocence," and that "specific evidence was accepted, while evidence of equal stature was rejected."  A 156-page package summarizing Mitchell's defense has been posted in Reddit's videogame speedrunning forum. It argues that the documentary's makers actually have filmed footage in which a videotaped high-score attempt at Funspot Arcade is clearly announced to be "not a score submission. This is for entertainment purposes only." And while the film-makers show that score being submitted, "this was only acting done for the movie...the scoreboard shown by the movie was forged.... Actually, in the King of Kong movie, the tape I hand Doris Self is a WWE Wrestling tape, not my 1,047,200 performance... The movie's portrayal that I submitted this performance is fictitious."   Mitchell's documents say that that score was submitted later -- without his permission -- by a referee for Twin Galaxies, arguing that the footage suffers from a compromised chain of custody. The documents even include emails written by the owner of the web site fuckbillymitchell.com "saying he has a 'master plan' to take Billy Mitchell down," along with statements from two separate witnesses who say that man had even at one point asked for help in how to fake footage of a videogame.   "I find the current accusation of Mitchell too close to exactly what Richard planned in 2009 to be overlooked."
            

    Read more of this story at Slashdot.


  • Inspired By Harry Potter, 150 Colleges Now Have Quidditch Teams
    A reporter for SFGate describes what happened when he tried out for the quidditch team at the University of California at Berkeley:  The person throwing me what's called a "quaffle" (actually a slightly deflated volleyball) looked at me to make sure I'm ready. I gave them a head nod and grip my "broom" (a PVC pipe), ready to run. "GO!" I run 20 feet and turn back to catch the ball. Success!   But as I take my next step, I get decked by team captain Dara Gaeuman, fall to the ground, drop the quaffle, re-grab the quaffle, get back up, run over to the hoop and score. It's a triumphant moment for my post-healthy, 33-year-old self, regardless of the fact that this a drill. On the first day of practice. Of a sport I'm playing for the first time. With people who likely weren't born when the first Harry Potter book came out....   [I]n 2005, a pair of students at Middlebury College -- Xander Manshel and Alex Benepe -- translated quidditch into a non-flying sport. The game used to be played on wooden brooms until a few years ago when the game got too rough. There are still chasers (offensive players), beaters (defenders), seekers, keepers (like a goalie in hockey or soccer) and quaffles (again the balls, stay with me here) and bludgers (slightly deflated dodgeballs). But here the snitch is actually a person with sock-like pouch attached to their lower back that has to be snatched by the seekers, while the snitch tries to evade them... Almost 15 years after its inception, real-world quidditch has grown into a global phenomenon, with an International Quidditch Association (IQA) that has a World Cup every two years, a couple of semi-pro leagues, several regional and national leagues and more than 150 colleges and universities with club teams.   During practice, Chanun Ong, a sophomore returning for his second year on the team, tells a freshman, "I wasn't a big Harry Potter fan, but this sport is pretty legit."  There's a short video of the quidditch practice, and the the article's author remembers some crucial advice he received from one of the players. "Scrunch your body down if someone is about to throw a bludger at you, so you're a harder target to hit."   Although he also acknowledges that most of the people watching the two-hour practice "were passersby trying to figure out what the hell is going on."
            

    Read more of this story at Slashdot.


  • The Next Energy-Efficient Architecture Revolution: A House Built By Robots
    "Erecting a new building ranks among the most inefficient, polluting activities humans undertake," reports Qz. "The construction sector is responsible for nearly 40% of the world's total energy consumption and CO2 emissions, according to a UN global survey. A consortium of Swiss researchers has one answer to the problem: working with robots."    Over four years, 30 different industry partners joined a team of experts at ETH Zurich university for a cutting-edge "digital fabrication" project: building the DFAB House. Timber beams were assembled by robots on site, it used 60% less cement, and it features some amazing ceilings printed with a large-scale 3D sand printer.  "This is a new way of seeing architecture," says Matthias Kohler, a member of DFAB's research team. The work of architects has long been presented in terms of designing inspiring building forms, while the technical specifics of construction has been relegated to the background. Kohler thinks this is quickly changing. "Suddenly how we use resources to build our habitats is at the center of architecture," he argues. "How you build matters."   DFAB isn't the first building project to use digital fabrication techniques. In 2014, Chinese company WinSun demonstrated the architectural potential of 3D printing by manufacturing 10 single-story houses in one day. A year later, the Shanghai-based company also printed an apartment building and a neoclassical mansion, but these projects remain in the development phase. Kohler explains that beating construction speed records wasn't necessarily their goal. "Of course we're interested in gaining breakthroughs in speed and economy, but we tried to hold to the idea of quality first," he says. "You can do things very, very fast but that doesn't mean that it's actually sustainable...."   Beyond the experimental structure in Switzerland, Kohler and Dillenburger explain that they're interested in fostering a dialogue with the global architecture and construction sectors. They've published their open-source data sets and have organized a traveling exhibition titled "How to Build a House: Architectural Research in the Digital Age," opening at the Cooper Union in New York this week.
            

    Read more of this story at Slashdot.


  • Ask Slashdot: Can A Lack of Privacy Be Weaponized?
    Slashdot reader dryriver asks a scary what-if question about the detailed digital profiles of our online and offline lives that are being created by "hundreds of privately owned, profit-driven companies operating with no meaningful oversight."  Digital profiles are just a collection of 1s and 0s and are wide open to digital tampering or digital distortion. You could easily be made to appear to have done just about anything from visiting questionnable websites on the dark web, to buying things that you never actually bought or would have an interest in buying, to being in places in the physical world at given dates and times that you would never actually visit in real life. In other words, your digital profile(s) may make you appear to be a completely different person, doing completely different things, from who you objectively are in actuality.   For now, these digital profiles mostly sit in data centers around the world, and try to serve ads to you. But what happens if someday your digital profile is weaponized against you?   What happens in a situation where you need to prove that you are a morally upright, law-abiding person, and your digital profile(s) are accessed, and claim that you are anything but a moral, law-abiding person? What happens if these digital profiles are someday routinely examined by courts of law to determine whether you are a person of good character or not?   What happens if one of your digital profiles is purposely leaked into the public realm someday, and your "digital mirror image" did all sorts of crappy things that you, in real life, would never do?
            

    Read more of this story at Slashdot.


  • Google's Search Results Begin Prioritizing 'Original Reporting'
    In the future Google will promote news articles that feature original reporting in its search results, the Hill reports.   "While we typically show the latest and most comprehensive version of a story in news results, we've made changes to our products globally to highlight articles that we identify as significant original reporting," Richard Gingras, Google's vice president of news, said in a blog post. "Such articles may stay in a highly visible position longer. This prominence allows users to view the original reporting while also looking at more recent articles alongside it." On top of the change for individual articles, Google's search raters will also begin identifying outlets that have a track record of original reporting in order to boost their content in search results...   For Google, the shift will mostly come in a change in guidelines for the 10,000 employees at the company who operate its search algorithms. The guidelines will now emphasize promoting an article that "provides information that would not otherwise have been known had the article not revealed it." And it will push raters to boost outlets with strong journalistic reputations. "Prestigious awards, such as the Pulitzer Prize award, or a history of high quality original reporting are strong evidence of positive reputation," the new guidelines read.
            

    Read more of this story at Slashdot.


  • IOS 13 Lock Screen Lets Anyone See Your Address Book
    Slashdot reader dryriver writes:  A security researcher discovered that if you get your hands on someone else's iThing running iOS 13, and place a phone call to it, you can choose to respond with a TXT message, and get to see the contents of the address book on the iThing without actually getting past the lock screen...   The security researcher who found the flaw was not financially rewarded or acknowledged by Apple, but rather given the cold shoulder.   The security researcher says all he'd wanted was a $1 Apple Store card to keep as a trophy, according to The Register:  The procedure, demonstrated below in a video, involves receiving a call and opting to respond with a text message, and then changing the "to" field of the message, which can be accomplished via voice-over. The "to" field pulls up the owner's contacts list, thus giving an unauthorized miscreant the ability to crawl through the address book without ever needing to actually unlock the phone.   They also report that while the insecure-lock-screen iOS 13 will be officially released on September 19, a fixed version, iOS 13.1, "is due to land on September 30."
            

    Read more of this story at Slashdot.


The Register




  • 700km on a single charge: Mercedes says it's in it for the long run
    Star-spangled luxury EV trips the light fantastic
    In the same week that the motoring industry discovered the Tesla Model 3 was the UK's third most popular car purchase, Mercedes-Benz unveiled an electric supercar at the Frankfurt Motor Show with high expectations, and probably no little relief.…


  • Now that's what we're Tolkien about: You need one storage system to rule them all and in the darkness bind them
    An argument in favor of a single source of truth in your organization
    Opinion One of the tech industry’s longest running quests is developing the notion of a single source of truth within organizations. That is, no matter who or where you are within a business, when it comes to running the numbers or making a decision, your applications are accessing the same information as everybody else internally. No out of date, duplicated, or otherwise imperfect copies.…








Linux.com offline for now

Phoronix


  • Intel's Gallium3D Driver Is Running Much Faster Than Their Current OpenGL Linux Driver With Mesa 19.3
    Last month I did some fresh benchmarks of Intel's new open-source OpenGL Linux driver with Mesa 19.2 and those results were looking good as tested with a Core i9 9900K. Since then, more Intel Gallium3D driver improvements have landed for what will become Mesa 19.3 next quarter. In taking another look at their former/current and new OpenGL drivers, here are fresh benchmarks of the latest code using a Core i7 8700K desktop as well as a Core i7 8550U Dell XPS laptop.




  • Mesa Vulkan Drivers Now Tracking Game Engine/Version For Handling More Workarounds
    Currently the Mesa OpenGL/Vulkan drivers have relied upon matching executable names for applying game/application-specific workarounds. But with Vulkan as part of the instance creation information and VkApplicationInfo it's possible to optionally advertise the rendering engine and version in use. The Mesa Vulkan drivers are now making use of that information to allow for more uniform workarounds...


  • How Google's Android Maintains A Stable Linux Kernel ABI
    While the Linux kernel is well known for not offering a stable API/ABI, Google and other enterprise Linux distribution vendors tend to aim at providing their own stable ABI for the lifespan of their products. Google engineers talked in Portugal this week at Linux Plumbers Conference 2019 about some of their means to maintaining a stable API/ABI for Android's Linux kernel...


  • Fedora Is Beginning To Spin Workstation & Live Images For POWER
    If you are running the likes of the Raptor Blackbird for a POWER open-source desktop and wanting to run Fedora on it, currently you need to use the Fedora "server" CLI installer and from there install the desired packages for a desktop. But moving forward, Fedora is beginning to spin Workstation and Live images for PPC64LE...



  • An Alternative exFAT Linux File-System Driver Based On Samsung's sdFAT
    While the upcoming Linux 5.4 kernel cycle is finally bringing a driver for Microsoft exFAT file-system read/write support, it's dated on an old Samsung code drop that has seen little public work over the years. Since queued for staging-next, there has been a big uptick in clean-ups and other activity, but there also exists another alternative out-of-tree exFAT Linux driver...




Engadget"Engadget RSS Feed"

  • Nissan envisions car-themed esports gaming chairs

    Nissan's connection to gaming might extend beyond the occasional car in a racing sim. The automaker has joined with FaZe Clan and OpTic Gaming to design a trio of "esports gaming chairs" themed around (what else?) some of its more iconic cars. The GT-R Nismo is a "performance" chair with a thin carbon fiber shell, a racing seat shape, Nismo leather and an audio system built into the headset. The Armada chair echoes the SUV with extra-comfy lumbar support, posh leather and its own climate control. A Leaf chair, meanwhile, mimics the EV with "eco-friendly" materials and a USB charging port.

    At the moment, Nissan doesn't have plans to build the chairs. However, it's gauging "public reaction" to the seats and recently ran a Twitter poll to see which furniture people would like the most. If that's any indication of demand, the GT-R chair is the most popular concept by a long shot. If Nissan ever makes one of these models, that's likely to be the one supporting your posterior during long gaming sessions.
    This isn't a game. We've got some new concepts and they aren't cars. Share your pick of the gaming-inspired styles below. #NationalVideoGamesDay pic.twitter.com/aaNMGssmbf
    — Nissan (@NissanUSA) September 12, 2019
    Via: Autoblog

    Source: Nissan, Twitter


  • AI can gauge the risk of dying from heart conditions

    AI's ability to predict threats to your health could soon include deadly heart conditions. Researchers at MIT's CSAIL have developed a machine learning system, RiskCardio, that can estimate the risk of death due to cardiovascular issues that block or reduce blood flow. All it needs is a 15-minute ECG reading -- from there, it gauges the danger based on the sets of consecutive beats in the sample. If the data is captured within 15 minutes of an event, RiskCardio can determine whether or not someone will die within 30 days, or even up to a year later.

    The approach is based on the notion that greater variability between heartbeats reflects greater risk. Scientists trained the machine learning system using historical data for patient outcomes. If a patient survived, their heartbeats were deemed relatively normal; if a patient died, their heart activity was considered risky. The ultimate risk score comes by averaging the prediction from each set of consecutive heartbeats.

    There's plenty of work to be done, including refining the training data to account for more ages, ethnic backgrounds and genders. It clearly needs to be accurate when mistakes could have dangerous consequences. If RiskCardio does enter service, though, it could prove vital to health care. Doctors could quickly assess a patient's health and decide on an appropriate level of treatment. CSAIL also hopes it can help understand less-than-clear scenarios by running poorly-labeled data through the system.

    Source: MIT CSAIL, ArXiv.org


  • OnePlus 7T Pro may debut on October 10th

    You might only have to wait a few weeks more if you've been holding off for a OnePlus 7T. The historically accurate OnLeaks and Compareraja have claimed that both the OnePlus 7T and 7T Pro will be unveiled on October 10th, with availability slated for October 15th. The apparent scoop also includes specs for both, although it's clear these are incremental upgrades -- you won't be in a rush to upgrade a OnePlus 7 Pro.

    Both phones will reportedly tout slightly faster Snapdragon 855 Plus chips, the long-rumored 16-megapixel ultra-wide camera and a host of photography modes that includes a new macro mode. You won't see fundamental changes beyond that, according to the leak. It's not necessarily a bad thing when that still means top-tier specs in key areas, particularly the responsive 90Hz AMOLED screen. If these specs prove authentic, though, this is the definition of a "T" release from OnePlus -- an iterative upgrade meant to keep the device current, rather than court enthusiasts who replace their phones as often as possible.

    Source: Compareraja, OnLeaks (Twitter)


  • 'Minecraft' now has 112 million players per month

    Fortnite might still have the lion's share of public attention, but that doesn't mean it's hurting the other gaming phenomenon. Microsoft's Helen Chiang told Business Insider in an interview that Minecraft now has 112 million active players every month, a surge of 20 million over figures from October 2018. This includes players across all platforms, including those who play the game as part of an Xbox Game Pass, but that's still no small achievement for a game that has been around in some form for roughly a decade.

    Chiang described it partly as a virtue of the creative game's evergreen status -- it's a title that people "keep coming back to." You may fire up Fortnite or other games that take the spotlight, but there's a real chance you'll return to building homes and tunnels in Minecraft after that.

    Other factors are likely important as well. On top of its sheer ubiquity across platforms, Minecraft's blocky graphics and simple mechanics make it easy to play on modestly-equipped devices, whether it's a budget PC or a smartphone. You can spend a modest amount on hardware and still get a quality experience.

    Microsoft's challenge at this point is to keep the game relevant. The augmented reality of ray-tracing and other attempts to spruce up the look. It's not clear that's enough, though. Roblox recently topped 100 million monthly players, and Fortnite may not be far off (it reported 78.3 million users in August 2018). It might not take much for other games to capture the cultural zeitgeist.

    Source: Business Insider


  • Central banks to question Facebook over Libra cryptocurrency

    Facebook is about to undergo further scrutiny of its Libra cryptocurrency, and it may have to answer some difficult questions. Officials speaking to the Financial Times said that Libra representatives are meeting with officials from 26 central banks (including the Bank of England and the US Federal Reserve) in Basel, Switzerland on September 16th. The European Central Bank's Benoît Coeuré is expected to chair the gathering, which will question Facebook over the digital money's "scope and design."

    In response, Libra reiterated its earlier stance that it "welcome[s] this engagement" with politicians and regulators, and that it "deliberately" set out a long launch schedule to discuss issues and modify its plans based on feedback.

    The conversation might not go the way Facebook and the Libra team hope. Coeuré in particular has warned that Libra has to clear a "very high" bar, and EU finance ministers in particular have worried that cryptocurrencies like Libra could destabilize finance and undercut the authority of government banks. France and Germany have both argued that Libra should be blocked in the EU as it would challenge the "monetary sovereignty" of governments.

    Facebook has pitched Libra as a way to democratize money, providing banking to many first-timers and creating a format that's independent of any one country. However, it's that last part that has officials and critics worried. While Libra is a "stablecoin" that should be pegged to the value of conventional currency, it could give Facebook and the Libra Association a tremendous amount of clout if it takes off. It may not have much choice but to make concessions if it wants the currency to be widely available, and even that isn't guaranteed.

    Via: Reuters

    Source: Financial Times


  • Verizon will launch home 5G everywhere mobile service is available

    Verizon (Engadget's parent company) may be rolling out 5G at a pokey pace, but at least you won't have to choose which kind of 5G you get. Consumer division chief Ronan Dunne told investors that fixed 5G Home service will "in due course" be available in every market where mobile 5G is available. It's "one network," he said -- there's little stopping Verizon from offering both. The carrier is planning a "full" launch for Home late in 2019 using the official 5G standard, so the synchronicity might begin relatively quickly.

    The initial service ran on an in-house approach to 5G and offers typical speeds of 300Mbps. It won't compete with gigabit fiber, but it's faster than many landline connections and, if you get an indoor antenna, let you set up yourself.

    The main catch, as always, is the slow pace of 5G deployment. Verizon's current 5G is available in parts of just 10 cities, and it can only roll out so quickly when the ultra-wideband technology requires an extensive number of cell sites to provide solid coverage. That reach should extend to 30 cities before 2019 is over, but that still means it could be a long while before 5G Home comes to your neighborhood. Still, that beats having to deal with the limited coverage of FiOS and other wired high-speed services.

    Via: Ars Technica

    Source: Verizon


  • Initial Creative Emmy winners include Apple, Netflix and NASA

    The Creative Arts Emmy awards are only half-finished, but it's already clear that streaming services are thriving -- including a few you might not expect. Netflix came home with the most statuettes on the first night of the awards, receiving a total of 15 compared to 'just' eight for next-closest rival National Geographic. Four of those went to Queer Eye for Outstanding Structured Reality Program as well as specific reality show awards for casting and directing. The animated anthology Crew Dragon demo launch earned it an Outstanding Interactive Program award.

    The Creative Arts Emmys will wrap up with a second presentation on the evening of September 15th, and While these victories aren't particularly reflective of who will win at the main Emmy awards show on September 22nd, they do bode well for streaming services and technology as a whole. They're not necessarily dominant, but they're too large for the conventional TV industry to ignore.

    Via: Deadline, Variety

    Source: Emmys (PDF)


  • New York state bans sales of flavored e-cigarettes

    New York isn't waiting for the federal government to take action on teen vaping. Governor Andrew Cuomo has announced an "emergency executive action" that will ban sales of flavored e-cigarettes. The move will see the state Department of Health's Commissioner hold an urgent meeting with the Public Health and Health Planning Council to implement the ban. E-cig makers and stores are "intentionally and recklessly" trying to court a younger audience, Cuomo claimed, and this would theoretically put a stop to the behavior.

    The state is simultaneously stepping up enforcement against retailers who sell to underage buyers, including undercover investigations that will have underage volunteers trying to buy e-cigs. He's also moving forward legislation that aims to ban "deceptive marketing" of e-cigs to teens and kids. The moves come on top of previous crackdowns, including the passing of a law raising the minimum buying age from 18 to 21 (due to take effect November 13th), an investigation into vaping companies and an executive order mandating awareness programs for schools.

    Cuomo pointed to Department of Health data showing steep climbs in e-cig use among teens. About 27 percent of high schoolers were using e-cigarettes, or 160 percent more than they were in 2014, according to officials. The governor also referenced a 2017 survey showing that 19 percent of state teens tried e-cigs due to flavors, with 27 percent citing flavor as a reason to keep smoking. He went on to accuse companies of falsely claiming e-cigs are safe, noting that early studies suggested they could lead to cardiovascular and respiratory problems.

    It's not certain if other states will follow suit, but this is still a significant blow to e-cig producers. They've taken efforts to curb teen vaping, such as Juul's stricter screening, but that clearly isn't enough in New York's eyes. They'll have no choice but to sell 'plain' e-cigs in one of the most populous states in the country, and they risk further legal action if New York feels their sales tactics are still too inviting to teens. The tide appears to be turning against the e-cig industry, and it might not have much choice but to honor ever-tougher restrictions.

    Via: Andrew Cuomo (Twitter)

    Source: New York State


  • After Math: Shut it down, shut it all down

    While Moviepass shocked the internet with news on Friday that it would be shuttering its subscription-based service effective immediately, a number of tech companies were putting down kiboshes of their own. Facebook had to take down a Netanyahu chatbot over hate speech, Google got dinged a billion bucks by the EU, and Ford sold off the subscription service you didn't know it had. It's been a week of legal and regulatory smackdowns and we've got the headlines to prove it.


    Google to pay $1.1 billion in France following tax probe
    Good lord, even the Lannisters paid their debts more quickly than Google does. The internet behemoth was laid low this week after a French court concluded that yes, its does have to pay the billion-plus dollars it owes the European nation.


    Hulu drops support for Google's Daydream VR platform
    Oh Google Daydream VR, we hardly knew ye. And now we will know you even less as Hulu announced this week that it will be dropping support for the little-used platform. Daydream isn't dead yet but it sure seems to be going the way of 3D TV.


    Kickstarter accused of union-busting after firing two employees
    Kickstarter thought it could quietly kill off any talk of unionization when it fired two organizing staff members in recent weeks. Kickstarter was wrong. Now it finds itself in the center of a legal and PR firestorm that won't be going away any time soon.


    Facebook suspended Israeli PM's campaign chatbot for hate speech
    In the proud tradition of nascent technology advances immediately being used to spread racism and xenophobia (hi, Tay!) Facebook was forced to flip the switch on a chatbot associated with Israeli Prime Minister Benjamin Netanyahu's reelection campaign after it started spouting anti-Arab slogans at online users.


    Ford sells off its monthly car subscription service
    For the past couple of years, Ford has quietly offered customers in San Francisco, LA and Dallas access to its Canvas app-based car subscription scheme. However the car company announced this week that it will be selling its Canvas IP (and all 100 of the startup's employees) to Santa Monica's Fair, a similar startup which partners with Uber.



  • The best USB-C hubs and docks

    By Nick Guy

    This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full guide to USB-C Hubs and Docks.

    After spending 20 hours testing 22 USB-C hubs and five USB-C docks, we think Vava's VA-UC006 USB-C Hub is the best option for connecting older peripherals and external storage devices to a new laptop or MacBook. It has an ideal range of ports that all transfer data at full speed, it's sturdily built, it's small and light enough to throw in a bag, and it's reasonably priced.

    With three USB-A ports plus HDMI (with 4K support), Ethernet, SD, microSD, and power passthrough, the Vava VA-UC006 offers the connectors most people need most of the time. It's powerful enough to leave at your desk full-time as a docking station but small enough to slip in your laptop bag and use on the go. The only downside is that the Ethernet port hinges open, a design that saves space but is more likely to break than a standard Ethernet port.

    HooToo's USB-C Hub HT-UC001 offers similar performance to the Vava for about two-thirds the price, but it lacks a microSD card reader and an Ethernet port. We think the Vava's more versatile port selection and slightly smaller size are worth paying for, but the HooToo is a good option if you need something less expensive.

    If you just need more USB 3.0 ports for flash drives, keyboards, mice, and other low-power accessories, Aukey's USB C to 4-Port USB 3.1 Gen 1 Hub (CB-C64) is the best option we tested, and the least expensive. It's a straightforward plastic adapter with four full-speed USB 3.0 ports. But its lack of passthrough power makes it a poor choice if your computer has only one or two USB-C ports, as the MacBook does.

    If you need only an Ethernet connection, we like the Cable Matters USB Type-C to Gigabit Ethernet Adapter. It delivers full Gigabit speed, it comes from a reputable company, and it's inexpensive. It did get warm when we used it, which is to be expected with USB-C Ethernet adapters, but it reached the same temperature as a more expensive model we tested.

    Docks are larger and usually equipped with more ports than hubs, and they can provide power on their own, making them a better fit if you're looking for something to set on your desk permanently. Among the five USB-C docks we tested, Dell's D6000 Universal Dock is the best, with four USB-A ports, a USB-C port, HDMI and two DisplayPort video ports, Gigabit Ethernet, and a 3.5 mm audio connector. It worked equally well with a PC and a Mac in our testing. It also delivers 65 watts—the most charging power of any dock we measured—and it's the least expensive dock option (though it's still more than twice as expensive as the Vava hub).
    Our picks' ports compared
    Name

    USB ports

    Video ports

    Card reader

    Ethernet

    Audio

    Charging

    Vava VA-UC006

    USB-A (three), USB-C (one, charge only)

    HDMI (one)

    SD, microSD

    Gigabit

    -

    Yes (requires laptop's charger)

    HooToo HT-UC001

    USB-A (three)

    HDMI (one)

    SD

    Gigabit

    -

    Yes (requires laptop's charger)

    Aukey CB-C64

    USB-A (four)

    -

    -

    -

    -

    -

    Dell D6000

    USB-A (four), USB-C (one)

    HDMI (one), DisplayPort (two)

    -

    Gigabit

    3.5 mm in/out (one), 3.5 mm out (one)

    Yes (charger included)

    Cable Matters USB Type-C to Gigabit Ethernet Adapter

    -

    -

    -

    Gigabit

    -

    -
    Why you should trust me
    I was the accessories editor at iLounge for a little more than three years and have been covering accessories at Wirecutter for a little longer than that. During that time, I've reviewed more than 1,000 iOS and Mac products, including numerous docking stations. I've also been responsible for most of Wirecutter's USB-C coverage from the start, researching and testing everything from chargers to adapters to cables.
    Who this is for
    USB-C hubs and docks let you hook your old stuff up to your new stuff. If you have a new, USB-C–based computer—whether it includes a USB-C port among its other ports or, like Apple's MacBook models or the newest Dell XPS 13, it has nothing but USB-C ports—and you still need to connect flash drives, printers, Ethernet, a display, or any other accessories you already own, a USB-C hub or dock will let you hook up multiple peripherals to a single USB-C port at once. Some models are ideal for tossing in your bag, while others are better for leaving plugged into everything at your desk.

    If you're looking for a more-powerful desktop docking option and your computer's USB-C ports also support Thunderbolt 3, you might consider a Thunderbolt 3 dock, which can connect to more monitors and transfer data faster. If you're just looking for a way to get more USB-C ports, well, unfortunately you're out of luck; we have yet to find any USB-C hubs that add extra USB-C ports.
    How we picked and tested
    The terms hub and dock are often used interchangeably and don't have exact definitions. For this guide, we treated anything designed to be portable as a hub; some hubs can pass power to a laptop when connected to a charger, but they don't come with one. Docks are designed to sit on a desk, equipped with their own power bricks, and capable of charging your laptop without your needing to provide a separate charger.

    We researched and tested hubs with a number of different port layouts, ranging from models with just USB-A ports to those including USB-A plus power passthrough, video output, Ethernet connectors, and SD card slots.

    For docks, we limited our search to units that were compatible with both PCs and Macs, cost less than $200, had at least four USB-A ports and a USB-C output port, and could power a computer and peripherals.

    We tested each hub and dock with both a MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports) and the early-2018 USB-C–only version of the Dell XPS 13. We also tested our picks on a 2018 iPad Pro, though many of our tests don't actually work with iOS. Our tests included the following:
    USB-A: We ran AJA System Test speed tests using Samsung's Portable SSD T3. To measure how fast each hub could charge other devices, we connected a 10.5-inch iPad Pro and read the power draw with PortaPow's USB Power Monitor. HDMI: We connected each of the docks via HDMI to a Dell Ultra HD 4K Monitor P2715Q with the resolution set to 4K. Mac computers support only a 30 Hz refresh rate at 4K resolution, but the Dell XPS 13 pushes out a full 60 Hz. Ethernet: We verified the connection speed in Network Utility on a Mac, which displays the link speed. Heat: Because hubs and adapters can get quite hot during use—especially, in our experience, when using Ethernet—we also measured the temperatures of our picks with an infrared thermometer after 15 minutes of continuous data and Ethernet use to make sure they weren't dangerously hot. As a Satechi representative explained to us, "All the bandwidth that goes to Ethernet, HDMI, USB and SD card ports requires energy consumption and that's transferred to heat. Operating temperatures between 86-122 degrees Fahrenheit ... are normal." SD card: We ran AJA System Test on a 64 GB SanDisk Extreme Pro. microSD card: We ran the same test as above using the Samsung Evo Select 64 GB. Power passthrough: macOS reports the incoming power in its System Report. We used the MacBook Pro's 61 W charger and the included USB-C cable, and we recorded what the computer was reporting.The best USB-C hub: Vava VA-UC006 USB-C Hub
    Photo: Michael Hession
    Vava's VA-UC006 USB-C Hub is the best way to add the widest array and greatest number of ports to your USB-C–based computer in a highly portable and durable package. It has all the right connections—three USB-A ports, USB-C power passthrough, Gigabit Ethernet, HDMI, and microSD and SD card slots—to be handy on the go, or even to act as a semipermanent desk accessory. Nothing else comes close to offering the same combination of performance, design, and price.

    The aluminum hub measures 4 inches long, 2 inches wide—similar in size to an old iPod nanoand less than half an inch at its thickest point. Its 6-inch USB-C cable is long enough that you should be able to position it as needed, and the cable itself feels sturdy but not so stiff that it'll be hard to keep it where you want it. At less than 2.5 ounces, the hub is easy to pack and doesn't weigh you down.

    There are some ports all hubs need to have, and some that are nice but not necessary; the Vava hub has all of the above. You get three USB 3.0 Type-A ports, and in our testing each of them passed data to a portable SSD at average read speeds of 414 MB/s and write speeds of 366 MB/s (these figures were consistent across almost all of the hubs and docks we tested). Next to that line of ports is an HDMI port that in our testing pushed out 4K video at 60 Hz from the XPS 13 as expected. The Mac was limited to 30 Hz because getting 60 Hz, 4K video out of a Mac requires a precise setup; the iPad Pro was also limited to a 30 Hz refresh rate.

    The Vava hub's microSD and SD card slots. Photo: Michael Hession
    The Vava also has SD and microSD card slots on the opposite edge for photo transfers. The full-size SD card slot averaged 87 MB/s read and 76 MB/s write in our tests. Those speeds are a little slower than what our standalone USB-C SD card reader pick produced, but not by much, and they're as fast as the results from the slot on any other hub we tested. The microSD card speeds were slower at 86 MB/s read and 58 MB/s write, but again, with those speeds the Vava matched or beat the competition.

    Finally, the Vava has a USB-C port for power passthrough and a Gigabit Ethernet port. Our 13-inch MacBook Pro reported receiving 49 watts when we connected Apple's 61 W charger to the hub. That figure is lower than with some of the competition, but still fast enough to charge your 13-inch computer at a reasonable speed (15-inch machines will still charge but at a slower rate). The Ethernet port is the most clever element of the whole hub: Rather than increasing the thickness of the entire device to accommodate an Ethernet plug, the Vava design uses a flip-open door to expand the full port as needed.

    Flaws but not dealbreakers

    That clever Ethernet port is one of the Vava hub's few potential flaws. Because it's a moving part, there's a chance it could break. We didn't see anything in our short-term tests to suggest it would, but no other hub or dock we tested had a comparable potential point of failure.

    The Vava's three USB-A ports are tightly arranged side by side, so you likely won't be able to connect three flash drives or thicker plugs at a time.

    Vava promises up to a 100-watt passthrough charge rate, but in our tests the hub limited the power coming from our 61 W power adapter to 49 watts.

    Like many USB-C hubs we've tested, the Vava gets hot during use. We measured it at 110 °F after 15 minutes with the USB-C power cable and an Ethernet cord plugged in. That's hot enough to be noticeable when you touch it, but not so much that it's dangerous—as we noted above, that's within the normal operating temperature for this kind of accessory.
    Cheaper but fewer ports: HooToo USB C Hub HT-UC001
    Photo: Nick Guy
    HooToo's USB C Hub HT-UC001 isn't quite as full-featured or compact as Vava's hub, but it offers many of the same ports for about two-thirds of the price. Providing three USB-A ports, HDMI output, USB-C power passthrough, and a full-size SD card slot, it's a good option if you want to be able to use wired accessories and hook up to an external display but aren't concerned about using a wired network connection.

    The HooToo hub's USB-C power passthrough port is on one side, the three USB Type-A ports and SD card reader are on the other, and the HDMI port is on the end. Photo: Nick Guy
    In our tests, all the ports worked as expected. USB read and write speeds were comparable to those of every other hub we tested. We also recorded a 60 Hz refresh rate at 4K resolution from the Dell XPS 13, and the MacBook Pro reported a power draw of 55 W (a little higher than, but similar to, the Vava's result). A 100-watt version of the hub is also available—it's still cheaper than the Vava, but you need that much power only if you have a larger laptop like the 15-inch MacBook Pro.

    The HooToo hub works well, has all the ports most people will need, and feels almost as nice as the Vava hub. The aluminum and plastic rectangle is about 0.3 inch longer than the Vava hub, but about the same width and thickness. The HooToo's cable is also a bit thicker than the Vava's, so this hub is less likely to stay where you want it to. If you're willing to accept these compromises and don't need the Vava hub's extra features, the HooToo hub is a good choice, but we think the Vava hub's versatility and size make it worth the extra money.
    A cheap way to add more USB-A ports: Aukey CB-C64
    Photo: Michael Hession
    Aukey's USB C to 4-Port USB 3.1 Gen 1 Hub (CB-C64) is the best choice for adding a handful of USB 3.0 ports to your USB-C computer, and it's cheap. Equipped with four USB-A ports, the hub will let you connect any combination of a keyboard, mouse, printer, flash drive, or another low-power-draw device such as a webcam, gamepad, or portable hard drive. (Aukey says that "for best performance, the power demand of connected devices shouldn't exceed the total USB output of 5V 0.9A.") In our tests, all of the ports transferred data as quickly as anything else we tried. The 3.9-by-1.3-inch black plastic rectangle is less than half an inch thick and weighs a little over an ounce. You can throw it in a bag without even noticing it's there.
    The best USB-C–to–Ethernet adapter: Cable Matters USB Type-C to Gigabit Ethernet Adapter
    Photo: Michael Hession
    We think most people will be better off with a hub that provides an array of ports, but if you need only an Ethernet connection, we recommend the Cable Matters USB Type-C to Gigabit Ethernet Adapter. This simple plastic adapter works as expected, delivering full Gigabit speed, and it comes from a company we know and trust. As a bonus, it's inexpensive. USB-C Ethernet adapters are known to get hot; this one reached only about 100 °F after 15 minutes of use, the same as a more expensive metal-bodied model from Anker. That does feel warm to the touch, but not uncomfortably hot, and it's expected behavior.
    The best USB-C dock: Dell D6000 Universal Dock
    Photo: Michael Hession
    Most people are best served by a portable hub because hubs are more affordable and do many of the same tasks as docks. But if you're looking for a stationary option (for example, if you like to hook your laptop up to a display and accessories at your desk) that doesn't require an additional laptop charger, we suggest Dell's D6000 Universal Dock. (If your PC or Mac supports Thunderbolt 3 and you plan to connect your computer to high-speed external hard drives or multiple high-resolution displays, a Thunderbolt 3 dock is a better choice than a USB-C dock.)

    Compared with a portable hub, the D6000 offers more video-output options (one HDMI port and two DisplayPorts), more USB ports (four USB-A, one USB-C), 3.5 mm audio-in and -out jacks, and charging, all over a single USB-C cable. (It comes with its own power adapter, so you can keep the charger that came with your laptop in your travel bag.) It's less expensive than other docks we tested and works reliably with both Macs and PCs—although the DisplayPort ports won't work with Macs because of a recent software limitation—and it provides more power to a laptop than similarly priced options (65 watts, versus 39 watts from other models).

    The rear of the D6000, including its video, Ethernet, USB-A, and 3.5 mm audio ports. Photo: Michael Hession
    The D6000 is a utilitarian 6.5-by-3-inch black plastic rectangle with a rubber antislip base. Its permanently connected, 3-foot USB-C cable comes out the left side, and a USB-A 3.0 adapter on the cord lets you connect to an older computer. From left to right along the front, you'll find a combined audio-in and -out jack, two USB 3.0 ports, and a USB-C port that you can use for data or to provide up to 12 W of power to a device. Flip the dock around to the back, and you see an HDMI port, two DisplayPort outputs, Gigabit Ethernet, another pair of USB-A ports, and a 3.5 mm audio-out jack.

    All of the Dell dock's data ports transferred data at rates comparable to what we saw from every other dock and hub we tested. We measured full 4K, 60 Hz videos from the DisplayPort connectors using the Dell dock, although that dropped to a 1080p resolution over HDMI. DisplayPort doesn't work at all with Macs running up-to-date software because the dock uses DisplayLink, software that was broken by the macOS 10.13.4 update and remains broken in the current version of macOS; the ports didn't work with our iPad Pro, either. The HDMI port put out 4K video at 30 Hz when connected to a Mac and an iPad Pro, as expected.

    Look at the size of that power brick! Photo: Michael Hession
    One thing to keep in mind with this dock is the huge power brick: It's almost exactly the same size as the dock itself. But because the dock is meant to stay on a desk rather than tossed in a bag, this isn't a dealbreaker. The cable running from the charger to the dock is about 6 feet long, so you should be able to position the power brick in a convenient place without it getting in the way.
    The competition
    USB-C hubs

    HooToo's HT-UC009 USB-C Hub and Vava's VA-UC010 USB-C Hub are identical hubs from brands with the same parent company. Their design is a little larger than that of the Vava VA-UC006, though, and of their three USB-A ports, only two support USB 3.0 speeds, with the last limited to 2.0 rates.

    Twelve South's StayGo comes with both a short USB-C cable (which you can store inside the unit) and a longer cable; the combination allows you to easily use the hub at your desk or on the go. Unfortunately, at 2.4 inches wide and 5 inches long, this model is larger than most of the hubs we've seen, and in our testing we didn't measure a proper 30 Hz refresh rate from it at even 1080p resolution, let alone 60 Hz at 4K. This model also about twice the price of the Vava VA-UC006.

    Vava's VA-UC008 USB-C Hub is much larger than our main pick, and one of its USB-A ports supports only 2.0 speeds.

    Kingston's Nucleum is one of the few USB-C hubs to feature a USB-C data port in addition to one for power. But it lacks an Ethernet connection, and it's more expensive than our main pick right now. This hub is also about an inch longer. If you value that extra USB-C port and don't need Ethernet, consider it.

    Satechi's Aluminum Multi-Port Adapter V2 has identical ports and performance to our Vava pick, but is larger and more expensive. However, it has a regular Ethernet port that is less fragile than the Vava's fold-up port. In our tests it stayed cooler than the Vava hub at 96 °F. We don't think that's worth paying more for, but the Satechi dock is a decent backup option if it goes on sale or if our top pick is unavailable.

    Dodocool's 8-in-1 Multifunction USB-C Hub worked just as well as our pick, with the exact same selection of ports. But it's bigger and feels cheaper, and we didn't like the port layout as much. We think spending a few dollars more on our pick is worth it for a more compact metal design and a better layout.

    Aukey's CB-C55 Multiport USB-C Adapter and Anker's Premium USB-C Mini-Dock each have one fewer USB-A port than our pick, at a similar or higher price. Additionally, the Aukey hub had the slowest SD and microSD read and write speeds we tested by a wide margin, and the Anker lacks a microSD slot.

    Sanho's HyperDrive USB-C Hub and Satechi's Slim Aluminum Type-C Multi-Port Adapter are identical units with identical performance. Both have only two USB-A ports and cost more than our pick, but we like the streamlined design.

    Vava's VA-UC003 USB Type-C Hub plugs directly into a computer's USB-C port rather than using a cable; this means it can block surrounding ports. And it has only two USB-A ports itself.

    The Lenovo C107 USB-C Hub (a licensed product not actually made or supported by Lenovo itself) worked fine in our tests, with speed and power results in line with those of the rest of the hubs we tested. But many customers have complained about performance, and no clear path to customer support is available if you have an issue.

    USB-A hubs

    The AmazonBasics USB 3.1 Type-C to 4 Port USB Hub and the Monoprice SuperSpeed 4-Port USB-C Hub work just as well as our pick but are larger.

    Monoprice's Select Series USB-C to 4x USB-A 3.0 Adapter was also just as fast in our tests, but its layout prevents two flash drives from being connected in adjacent ports.

    In owner reviews of Anker's USB-C to 4-Port USB 3.0 Hub, we saw too many complaints about Wi-Fi interference for us to recommend it, although we didn't see this problem in our testing.

    Other hubs

    After testing USB-A/Ethernet hubs, including Anker's Premium USB-C Hub with Ethernet and Power Delivery and Monoprice's Select Series USB-C to 3x USB-A 3.0, Gigabit Ethernet, and USB-C (F) Adapter, we decided that their value and usefulness weren't good enough for us to recommend any of them over similarly priced hubs with more types of ports. Dodocool's USB-C 3.1 to 3-Port USB 3.0 Hub with Gigabit Ethernet Adapter and Power Delivery was the least expensive model in this category, but it offered the lowest power draw from its ports, and the Ethernet connector simply didn't work on our Mac, although it did on our Dell.

    We applied the same reasoning to hubs that had only USB-A ports and power passthrough, such as Dodocool's USB-C to 4-Port USB 3.0 Hub with PD or Monoprice's Select Series USB-C to 4x USB-A 3.0 and USB-C (F) Adapter.

    USB-C docks

    Plugable's USB-C Triple Display Docking Station worked well in our tests. Compared with our picks, however, it's more expensive, with identical data performance and a lower power output of 39 watts.

    The inputs and outputs on the HP Elite USB-C Docking Station simply didn't work with our MacBook Pro. No video, no data, nothing. It did work with our Dell XPS 13, but even so only one of the four USB-A ports is 3.0 speed; the rest are all 2.0.

    OWC says not to use its USB-C Dock (Mini DisplayPort) or USB-C Dock (HDMI) with 2017 or later Macs. That restriction, combined with the fact that neither version was able to deliver video from our Dell XPS 13 to our monitor, means you really shouldn't pick either one.

    We decided not to test Henge Docks's Stone, Belkin's USB-C 3.1 Express Dock HD, and StarTech's MST30C2DPPD USB-C Dock, DK30CHDDPPD Dual Monitor USB-C Dock, DKWG30DPHPD Wireless USB-C Docking Station, MST30C2HDPPD Dual Monitor USB-C Dock, and DK30CH2DPPD USB-C Triple Monitor Dock due to their high prices at the time we were researching this guide. We also declined to test Plugable's UD-CA1A USB-C Docking Station, CalDigit's USB-C Dock, Kensington's SD4600P USB-C Docking Station, Kensington's SD4500 USB-C Docking Station, and Dell's WD15 Monitor Dock based on factors including their port selection and power output.

    This guide may have been updated by Wirecutter. To see the current recommendation, please go here.

    When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commissions.


OSnews

  • Linux 5.3 released
    Linux 5.3 has been released. This release includes support for AMD Navi GPUs; support for the umwait x86 instructions that let processes wait for short amounts of time without spinning loops; a utilization clamping mechanism that is used to boost interactivity on power-asymmetric CPUs used in phones; a new pidfd_open(2) system call that completes the work done to let users deal with the PID reuse problem; 16 millions of new IPv4 addresses in the 0.0.0.0/8 range are made available; support for Zhaoxin x86 CPUs; support Intel Speed Select for easier power selection in Xeon servers; and support for the lightweight hypervisor ACRN, built for embedded IoT devices. As always, many other new drivers and improvements can be found in the changelog.


  • IBM introduces next-gen Z Mainframe: the z15
    On Thursday IBM unveiled their new mainframe, the z15. Overall, the z15 represents an evolutionary change over its predecessor, the z14. However, there are plenty of enhancements across the board. This goes way over my head, but its still immensely cool.


  • Volkswagen’s bold plan to create a new car operating system
    Eventually, thats going to mean a single software stack common across VW Groups vehicles—everything from the instrument displays and the infotainment to powertrain and chassis management (think traction and stability control or advanced driver assistance systems), plus a common connected car infrastructure and cloud. However, each brand will still get to develop its own UX in the same way that Porsche and Audi can build very different-looking vehicles from the same MLB Evo toolbox. Theyre going to base it on Android, but without much of the Google parts because of privacy concerns (i.e., VW wants that data for itself, not share it with Google). And, as always in the car world, it will be many, many years before this initiative will make its way to VW Groups cars  the unit wont be fully staffed until 2025.


  • KaiOS Developer Portal launches to help programmers create apps for the platform
    With the launch of the KaiOS Developer Portal, developers new to the platform have all of the tools they need to begin building and distributing apps for KaiOS. The guide can help you get a feel for things with sample code, there are instructions for setting up your development environment, and there’s an easy to set up simulator that lets you run your app virtually to ensure everything is working. KaiOS is used by more than 100 million people, so theres definitely value in taking a look if youre a mobile developer.


  • Sorry Apple, iPhones aren’t for pro video
    The Twitter tirade started after we saw yet another “Apple Blue Line Bar Graph Better Than Android Gray Line Benchmark”. The A12 is more powerful than any Android, and the A13 will beat that! But here’s the problem. I truly believe Apple chips are silly powerful, but for the last four years, Apple really hasn’t let us touch that power. I shared my rendering experiences again, comparing the iPhone XS against the iPhone SE. In iMove, the iPhone SE continues to render video faster than the XS. Rendering the same video, the OnePlus is a LOT faster at the task than the more expensive XS. The OnePlus also delivers a final video at twice the bitrate of the iPhone (which does look better to my eye). Better quality, twice the size, in two thirds the time. The common wisdom is that Apples A series chips are considerably faster than their Snapdragon counterparts, and I, too, have highlighted that wisdom here on OSNews a number of times. However, if we leave the world of synthetic benchmarks and Apples terrible bar graphs behind and start looking at real-world performance, the common wisdom doesnt seem to hold up. When even an outdated iPhone SE beats another iPhone thats years newer and four times as expensive, you know somethings up. Performance is more complicated than a synthetic benchmark that can be gamed or Apples entirely meaningless bar graphs.


  • GNOME 3.34 released
    The latest version of GNOME 3 has been released today. Version 3.34 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features. Highlights from this release include visual refreshes for a number of applications, including the desktop itself. The background selection settings also received a redesign, making it easier to select custom backgrounds. They have a video highlighting the changes too.


  • The iPhone and Apple’s services strategy
    Ben Thompson, on Apples services strategy: Apple also adjusted their AppleCare+ terms yesterday: now you can subscribe monthly and AppleCare+ will carry on until you cancel, just as other Apple services like Apple Music or Apple Arcade do. The company already has the iPhone Upgrade Program, that bundles a yearly iPhone and AppleCare+, but this shift for AppleCare+ purchased on its own is another step towards assuming that Apple’s relationship with its customers will be a subscription-based one. To that end, how long until there is a variant of the iPhone Upgrade Program that is simply an all-up Apple subscription? Pay one monthly fee, and get everything Apple has to offer. Indeed, nothing would show that Apple is a Services company more than making the iPhone itself a service, at least as far as the customer relationship goes. You might even say it is innovative. in a way, iPhones already work this way; you dont really own your iPhone, as it is entirely locked down and not yours to do with as you please. The financing aspect of the equation seems to also be falling in place now, and I indeed wouldnt be surprised to see Apple offer the described iPhone leasing program over the coming years.


  • Every iPad wants to be a Surface now
    “Netbooks aren’t better at anything,” joked Steve Jobs when he stood on stage nearly 10 years ago to introduce the first iPad. Apple’s original vision for its tablet was for a new category of device that was focused on browsing, email, photos, video, music, games, and ebooks. “If there’s going to be a third category of device it’s going to have to be better at these kinds of tasks than a laptop or a smartphone, otherwise it has no reason for being,” said Jobs. It wasn’t a giant iPhone, nor was it a full laptop replacement. The iPad has always been something in-between for nearly a decade, but now every iPad wants to be a Surface. The Surface concept has always been a sound concept for many people  its the software thats always been an issue, and will continue to be an issue for a long time to come. Windows is too much of a desktop, and iPadOS is too much of a smartphone operating system. Our software is lagging behind the hardware.


  • LG set to demonstrate new system that combines webOS IVI and Microsofts MCVP
    LG has announced that it will demonstrate a new system that integrates its webOS Auto In-Vehicle Infotainment (IVI) system with Microsoft Connected Vehicle Platform (MCVP). By combining webOS Auto and MCVP, the In-Vehicle Infotainment system will be able to collect and transmit data about the driver status, door status, and app usage. I cant decide whether its sad or great that webOS has managed to find a second, third or even fourth life as an operating system for cars. I do wonder, though, how much of this platform is really webOS  webOS was basically a badly optimised and cobbled together Linux distribution, and Im assuming very little of what we would recognise as webOS remains in LGs current automotive and television platforms.


  • Haiku monthly activity report for Augustus
    Haikus monthly activity report for August has been published, and its a big one, so I urge you to read the whole report for all the details on whats changed, fixed, and new in Haiku over the past month. There should be something for everyone in there. My personal favourite little tidbit is this one, though. Pascal Abresch got the first part of his work to handle media! keys (play, pause, and other additional keys) recognized by Haiku. The PS/2 driver has been adjusted, but adding all these new keys to the keymap means we now have more than 128 possible keys, which the BeOS keymap format does not allow. So we will need a new one, and this will break compatibility with old apps using the keymap directly (as the API allows). I dont know why, exactly, this fascinates me so much, but I like the mental image of one of the original BeOS developers, coding for Hobbit development boards, writing the code for keyboard handling, deciding upon the 128 key limit being enough for a long time to come. If only they knew.



Linux Journal - The Original Magazine of the Linux Community

  • Linux Journal Ceases Publication: An Awkward Goodbye
        by Kyle Rankin    IMPORTANT NOTICE FROM LINUX JOURNAL, LLC: On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen.  –Linux Journal, LLC
     


     
    Final Letter from the Editor: The Awkward Goodbye

    by Kyle Rankin

    Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.

    That's basically this post. 

    So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye. 

    Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article          


  • Oops! Debugging Kernel Panics
        by Petros Koutoupis   
    A look into what causes kernel panics and some utilities to help gain more information.

    Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash.

    Figure 1. A Typical Kernel Panic

    Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux.
     Installing the Required Packages
    First and foremost, your kernel should have the following components statically built in to its image:
      CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y  
    You can find this in /boot/config-`uname -r`.

    Make sure that your operating system is up to date with the latest-and-greatest package versions:
      $ sudo apt update && sudo apt upgrade  
    Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu):
      $ sudo apt install gcc make binutils linux-headers-`uname -r`  ↪kdump-tools crash `uname -r`-dbg  
    Note: Package names may vary across distributions.

    During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2).

    Figure 2. kexec Configuration Menu

    And to enable kdump to run and load at system boot, answer "yes" (Figure 3).

    Figure 3. kdump Configuration Menu
     Configuring kdump
    Open the /etc/default/kdump-tools file, and at the very top, you should see the following:
        Go to Full Article          


  • Loadsharers: Funding the Load-Bearing Internet Person
        by Eric S. Raymond   
    The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.

    These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.

    I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.

    More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.

    That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.

    (If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)

    Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this:
        Go to Full Article          


  • Documenting Proper Git Usage
        by Zack Brown   
    Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.

    The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.

    It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.

    One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.

    On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.

    So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.

    Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.

    Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.

    "If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."

    Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone.
        Go to Full Article          


  • Understanding Python's asyncio
        by Reuven M. Lerner   
    How to get started using Python's asyncio.

    Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.

    A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.

    I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.

    And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.

    So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work.
     What Is asyncio?
    Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.

    All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process.
        Go to Full Article          


  • RV Offsite Backup Update
        by Kyle Rankin   
    Having an offsite backup in your RV is great, and after a year of use, I've discovered some ways to make it even better.

    Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since.
     What Works
    Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.

    It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.

    The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal.
        Go to Full Article          


  • Another Episode of "Seems Perfectly Feasible and Then Dies"--Script to Simplify the Process of Changing System Call Tables
        by Zack Brown   
    David Howells put in quite a bit of work on a script, ./scripts/syscall-manage.pl, to simplify the entire process of changing the system call tables. With this script, it was a simple matter to add, remove, rename or renumber any system call you liked. The script also would resolve git conflicts, in the event that two repositories renumbered the system calls in conflicting ways.

    Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.

    Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.

    However, Linus Torvalds swooped in at this particular moment, saying:

    Ugh, I hate it.

    I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.

    IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".

    Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.

    And the portcullis came crashing down.

    It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.

    Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.
        Go to Full Article          


  • Experts Attempt to Explain DevOps--and Almost Succeed
        by Bryan Lunduke   
    What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.

    The word DevOps confuses me.

    I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.

    It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:

    DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

    I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.

    My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could:
     Automation Engineer: people that automate testing software.    Software Development Engineer in Test: people that make tools for the testers to use.    Software Development Engineer: aka "Coder", aka "Programmer".    Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!"    Dev Manager: like a Dev Lead, with less programming, more managing.    Director of Engineering: the manager of the managers of the programmers.    Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed." 
    During my various times with fancy-pants titles, I managed teams that included:
        Go to Full Article          


  • DNA Geometry with cadnano
        by Joey Bernard   
    This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.

    Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.

    Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands:
      sudo apt-get install python3 python3-pip  
    I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.

    Once you're in your activated virtualenv, install the required Python modules with the command:
      pip3 install pythreejs termcolor pytz pandas pyqt5 sip  
    After those dependencies are installed, grab the source code with the command:
      git clone https://github.com/cadnano/cadnano2.5.git  
    This will grab the Qt5 version. The Qt4 version is in the repository https://github.com/cadnano/cadnano2.git.

    Changing directory into the source directory, you can build and install cadnano with:
      python setup.py install  
    Now your cadnano should be available within the virtualenv.

    You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side.

    Figure 1. When you first start cadnano, you get a completely blank work space.

    In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button.

    Figure 2. Start your construction with one of the available geometric frameworks.
        Go to Full Article          


  • Running GNOME in a Container
        by Adam Verslype   
    Containerizing the GUI separates your work and play.

    Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.

    Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.

    You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.

    Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing.
        Go to Full Article          


Page last modified on October 08, 2013, at 07:08 PM