Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

NEXT MEETING

What's New

Introducing Ubuntu Phone

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All) (Two Column)

LinuxSecurity.com - Security Advisories


  • Fedora 28: curl Security Update
    `bbLinuxSecurity.com`/bb: - fix FTP shutdown response buffer overflow (CVE-2018-1000300) - fix RTSP bad headers buffer over-read (CVE-2018-1000301)



  • RedHat: RHSA-2018-1664:01 Important: libvirt security update
    `bbLinuxSecurity.com`/bb: An update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  • RedHat: RHSA-2018-1667:01 Important: libvirt security update
    `bbLinuxSecurity.com`/bb: An update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  • RedHat: RHSA-2018-1654:01 Important: qemu-kvm-rhev security update
    `bbLinuxSecurity.com`/bb: An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 Extended Life Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  • RedHat: RHSA-2018-1690:01 Important: vdsm security update
    `bbLinuxSecurity.com`/bb: An update for vdsm is now available for RHEV 3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


  • RedHat: RHSA-2018-1656:01 Important: qemu-kvm security update
    `bbLinuxSecurity.com`/bb: An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,



  • RedHat: RHSA-2018-1669:01 Important: libvirt security update
    `bbLinuxSecurity.com`/bb: An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability


LWN.net

  • Kata Containers 1.0
    Kata Containers 1.0 has been released. "This first release of Kata Containers completes the merger of Intel’s Clear Containers and Hyper’s runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes."



  • [$] SMB/CIFS compounding support
    In a filesystem-track session at the 2018 Linux Storage, Filesystem, andMemory-Management Summit (LSFMM), Ronnie Sahlberg talked about some changeshe has made to add support for compounding to the SMB/CIFSimplementation in Linux. Compounding is a way to combine multipleoperations into a single request that can help reduce network round-trips.


  • Security updates for Tuesday
    Security updates have been issued by Debian (gitlab and packagekit), Fedora (glibc, postgresql, and webkitgtk4), Oracle (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Red Hat (java-1.7.0-openjdk, kernel-rt, qemu-kvm, and qemu-kvm-rhev), SUSE (openjpeg2, qemu, and squid3), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux, linux-aws, linux-kvm,, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, qemu, and xdg-utils).


  • [$] Using GitHub Issues for Python
    In a 2018 Python Language Summit talk that was initially billed as"Mariatta's Topic of Mystery", Mariatta Wijaya described her reasoning for advocating moving Python awayfrom its current bug tracker toGitHub Issues. She wanted to surprise her co-attendees with the talktopic at least partly because it is somewhat controversial. But it wouldcomplete Python's journey to GitHub that started a ways back.


  • RFC: LWN's draft updated privacy policy
    It is the season for web sites to be updating their privacy policies andobtaining consent from their users for whatever data they collect. LWN,being short of staff with the time or interest to work in this area, israther late to this game. The first step is an updatedprivacy policy, which we're now putting out for review. Little has changedfrom the current version; we still don'tcollect much data, share data with others, or attempt to monetize what we have in any way. We would like to ask interested readersto have a look and let us know about any potential problems they see.


  • Spectre variants 3a and 4
    Intel has, finally, disclosedtwo more Spectre variants, called 3a and 4. The first ("rogue systemregister read") allows system-configuration registers to be readspeculatively, while the second ("speculative store bypass") could enablespeculative reads to data after a store operation has been speculativelyignored. Some more information on variant 4 can be found in theProject Zero bug tracker. The fix is to install microcode updates,which are not yet available.


  • [$] Network filesystem topics
    At the 2018 Linux Storage, Filesystem, andMemory-Management Summit (LSFMM), Steve French led a discussion of variousproblem areas for network filesystems. Unlike previous sessions (in 2016 and 2017), there was some good news to reportbecause the long-awaited statx()system call was released in Linux 4.11. But thereis still plenty of work to be done to better support network filesystems inLinux.


  • Parrot 4.0 is out
    Parrot 4.0 has been released. Parrotis a security-oriented distribution aimed at penetration tests and digitalforensics analysis, with additional tools to preserve privacy. "OnParrot 4.0 we decided to provide netinstall images too as we would likepeople to use Parrot not only as a pentest distribution, but also as aframework to build their very own working environment with ease."Docker templates are also available.


  • Security updates for Monday
    Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).


LXer Linux News

  • How to Install The Latest AMD Radeon Drivers on Ubuntu 18.04 Bionic Beaver Linux
    If you're planning on using an AMD graphics card with Ubuntu 18.04, you have a couple of options. Because Bionic is an LTS release, you do have the option of using the proprietary AMDGPU-PRO drivers. The open source drivers that come with Ubuntu are probably better for gamers, though. They're already installed, and you can configure your system to receive constant performance-boosting upgrades from the latest Mesa releases. Either way, you're going to have great experience working with AMD on Ubuntu 18.04.



  • Easy & simple guide to Backup & Restore GITLAB
    Gitlab is a web GUI for git repositories with support for CI/CD, issue tracking & wiki. We have already discussed in detail, how we can install GITLAB on CentOS & Ubuntu systems. In this tutorial, we will discuss how we can backup & restore Gitlab.


  • Advanced use of the less text file viewer in Linux
    I recently read Scott Nesbitt[he]#039[/he]s article "Using less to view text files at the Linux command line" and was inspired to share additional tips and tricks I use with less.LESS env varIf you have an environment variable LESS defined (e.g., in your .bashrc), less treats it as a list of options, as if passed on the command line.


  • Nextcloud 13: How to Get Started and Why You Should
    Nextcloud could be the first step toward replacing proprietary services like Dropbox and Skype. In its simplest form, the Nextcloud server is"just" a personal, free software alternative to services like Dropboxor iCloud. You can set it up so your files are always accessiblevia the internet, from wherever you are, and share them with yourfriends. However, Nextcloud can do so much more.



  • VMware OpenStack 5 Rolls Out for Data Centers and Telecoms
    Although VMware has been releasing VIO since 2015, having two versions of the offering is relatively new, with the first release of Carrier and Data Center editions taking place last September. The Carrier version is designed to address specific requirements by telecoms deploying NFV-based network services, especially as they prepare for the 5G world.



  • Linux Foundation LFCE: Hugues Clouâtre
    How well does the certification prepare you for the real world? To help illustrate that, this series features some of those who have recently passed the certification examinations. These testimonials should serve to help you decide if either Linux Foundation Certified System Administrator (LFCS) or Linux Foundation Certified Engineer (LFCE) certification is right for you. In this article, we talk with recently certified LFCE Hugues Clouâtre.



Slashdot

  • Yelp Files New EU Complaint Against Google Over Search Dominance
    Yelp has filed a complaint with the EU's antitrust watchdog against Google, arguing that the search company has abused its dominance in local search and pressuring Brussels to launch new charges against the tech giant, Financial Times reported Tuesday. From the report: European antitrust authorities fined Google $2.8B in June 2017 for favouring its own shopping service over rival offerings in its search results. Google denied wrongdoing and has appealed that decision. Now Yelp, which provides user ratings, reviews and other information about local businesses, wants Margrethe Vestager, the EU Competition Commissioner, to take action against Google for similar alleged abuse in the local search market, according to a copy of the complaint seen by the Financial Times. The move comes days after Yelp founder Jeremy Stopplelman appeared on 60 Minutes to talk about Google's search monopoly. Here's the exchange he had with reporter Steve Kroft: Jeremy Stoppelman: If I were starting out today, I would have no shot of building Yelp. That opportunity has been closed off by Google and their approach. Steve Kroft: In what way? Jeremy Stoppelman: Because if you provide great content in one of these categories that is lucrative to Google, and seen as potentially threatening, they will snuff you out. Steve Kroft: What do you mean snuff you out? Jeremy Stoppelman: They will make you disappear. They will bury you.
            

    Read more of this story at Slashdot.


  • Senators Demand FCC Answer For Fake Comments After Realizing Their Identities Were Stolen
    Two US senators -- one Republican, one Democrat who both had their identities stolen and then used to post fake public comments on net neutrality -- are calling on FCC Chairman Ajit Pai to address how as many as two million fake comments were filed under stolen names. From a report: Senators Jeff Merkley, Democrat of Oregon, and Pat Toomey, Republican of Pennsylvania, are among the estimated "two million Americans" whose identities were used to file comments to the FCC without their consent. "The federal rulemaking process is an essential part of our democracy and allows Americans the opportunity to express their opinions on how government agencies decide important regulatory issues," the pair of lawmakers wrote [PDF]. "As such, we are concerned about the aforementioned fraudulent activity. We need to prevent the deliberate misuse of Americans' personal information and ensure that the FCC is working to protect against current and future vulnerabilities in its system. We encourage the FCC to determine who facilitated these fake comments," the letter continues. "While we understand and agree with the need to protect individuals' privacy, we request that the FCC share with the public the total number of fake comments that were filed."
            

    Read more of this story at Slashdot.


  • The Wayback Machine is Deleting Evidence of Malware Sold To Stalkers
    The Internet Archive's Wayback Machine is a service that preserves web pages. But the site has been deleting evidence of companies selling malware to illegally spy on spouses, Motherboard reported Tuesday. From the report: The company in question is FlexiSpy, a Thailand-based firm which offers desktop and mobile malware. The spyware can intercept phone calls, remotely turn on a device's microphone and camera, steal emails and social media messages, as well as track a target's GPS location. Previously, pages from FlexiSpy's website saved to the Wayback Machine showed a customer survey, with over 50 percent of respondents saying they were interested in a spy phone product because they believe their partner may be cheating. That particular graphic was mentioned in a recent New York Times piece on the consumer spyware market. In another example, a Wayback Machine archive of FlexiSpy's homepage showed one of the company's catchphrases: "Many spouses cheat. They all use cell phones. Their cell phone will tell you what they won't." Now, those pages are no longer on the Wayback Machine. Instead, when trying to view seemingly any page from FlexiSpy's domain on the archiving service, the page reads "This URL has been excluded from the Wayback Machine."
            

    Read more of this story at Slashdot.


  • The Whole World is Now a Computer, Says Microsoft CEO Satya Nadella
    Thanks to cloud computing, the Internet of Things and artificial intelligence, we should start to think of the planet as one giant computer, according to Microsoft chief executive Satya Nadella. From a report: "Digital technology, pervasively, is getting embedded in every place: every thing, every person, every walk of life is being fundamentally shaped by digital technology -- it is happening in our homes, our work, our places of entertainment," said Nadella speaking in London. "It's amazing to think of a world as a computer. I think that's the right metaphor for us as we go forward." [...] AI is core to Microsoft's strategy, Nadella said: "AI is the run time which is going to shape all of what we do going forward in terms of applications as well as the platform." Microsoft is rethinking its core products by using AI to connect them together, he said, giving an example of a meeting using translation, transcription, Microsoft's HoloLens and other devices to improve decision-making. "The idea that you can now use all of the computing power that is around you -- this notion of the world as a computer -- completely changes how you conduct a meeting and fundamentally what presence means for a meeting," he said.
            

    Read more of this story at Slashdot.


  • Twitter Is Killing Several of Its TV Apps, Too
    Twitter is shutting down its TV apps on Roku, Android TV and Xbox starting on May 24, the company announced this morning. From a report: The news of the apps' closure comes at a time when Twitter is now trying to steer its users to its first-party mobile apps and its desktop website by killing off apps used by a minority of its user base -- like the Twitter for Mac app it shut down earlier this year. And more recently, it has attempted to kill off popular third-party Mac apps with a series of unfriendly API changes. It's unclear why this has become Twitter's agenda. While it can be a burden for a company to support a broader ecosystem of apps where some only have a niche audience, in some cases those "niche" users are also the most influential and heavy users. And arguably, anyone launching Twitter's app on their TV must be a die-hard user -- because who is really watching that much Twitter on their TV?
            

    Read more of this story at Slashdot.


  • Faster Audio Decoding and Encoding Coming To Ogg and FLAC
    FLAC and Ogg now have faster audio encoding and decoding capabilities thanks to recent code improvements. An anonymous reader writes: Robert Kausch of the fre:ac audio converter project informed news outlet Phoronix about recent changes he has made to FLAC and Ogg for bolstering faster performance. Kausch says he updated the CRC checks within FLAC and Ogg to a faster algorithm and those patches have now been accepted upstream. The Ogg and FLAC updates were merged this week for using the optimized CRC algorithm. As a result of this, encoding and decoding FLAC is now 5 percent faster, while encoding and decoding Ogg FLAC is 10 percent and 15 percent faster, respectively. Opus sees about one percent faster decoding, while Vorbis does decoding at two percent faster pace.
            

    Read more of this story at Slashdot.


  • 90% of Financial Institutions Targeted By Ransomware in the Last Year
    An anonymous reader shares a report: A new report from cloud security specialist Carbon Black, based on responses from CISOs at 40 major financial institutions -- including six of the top 10 global banks -- seeks to better understand the attack landscape. Among the findings are that 90 percent of financial institutions report being the subject of a ransomware attack in 2017. In addition one in 10 respondents report encountering destructive attacks unrelated to ransomware, such as application attacks and fileless malware. These potentially enable cybercriminals to move freely and laterally within an organization's network and often go completely overlooked until it's too late.
            

    Read more of this story at Slashdot.


  • Amazon Pushes Facial Recognition to Police, Prompting Outcry Over Surveillance
    Nick Wingfield, reporting for The New York Times: In late 2016, Amazon introduced a new online service that could help identify faces and other objects in images, offering it to anyone at a low cost through its giant cloud computing division, Amazon Web Services. Not long after, it began pitching the technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos. It used a couple of early customers, like the Orlando Police Department in Florida and the Washington County Sheriff's Office in Oregon, to encourage other officials to sign up. But now that aggressive push is putting the giant tech company at the center of an increasingly heated debate around the role of facial recognition in law enforcement. Fans of the technology see a powerful new tool for catching criminals, but detractors see an instrument of mass surveillance. On Tuesday, the American Civil Liberties Union led a group of more than two dozen civil rights organizations that asked Amazon to stop selling its image recognition system, called Rekognition, to law enforcement. The group says that the police could use it to track protesters or others whom authorities deem suspicious, rather than limiting it to people committing crimes.
            

    Read more of this story at Slashdot.


  • Microsoft To Block Flash In Office 365 Starting January 2019
    An anonymous reader writes: Microsoft plans to soon block Flash, Shockwave, and Silverlight content from activating in Office 365, it said. The block, however, will only be applicable in Office 365 subscription clients -- and not in Office 2016, Office 2013, or Office 2010 distributions, the company added. The change is set to come into effect starting January 2019. This is a full-on block, and not just Microsoft disabling problematic controls with the option to click on a button and view its content, BleepingComputer reports. The block means that Office 365 will prevent Flash, Shockwave, or Silverlight content from playing inside Office documents altogether. Microsoft cited various reasons for taking this decision. It said that malware authors have abused this mechanism for exploit campaigns, but also that Office users rarely used these features. In addition, Microsoft said it was also taking this decision after Adobe announced Flash's end-of-life for 2020.
            

    Read more of this story at Slashdot.


  • 3D Headphone Startup 'Ossic' Closes Abruptly, Leaving Crowdfunders Hanging
    An anonymous reader quotes a report from NPR: Ossic raised more than $3.2 million in crowdfunding for its Ossic X, which it touted as the "first 3D audio headphones calibrated to you." But after delivering devices to only about 80 investors who'd paid at least $999 to for the "Developer/Innovator" rewards level on Kickstarter, Ossic announced Saturday it had run out of money -- leaving the more than 10,000 other backers with nothing but lighter wallets.   Ossic, which The San Diego Union-Tribune notes was founded by former Logitech engineers Jason Riggs and Joy Lyons, had excited gamers, audiophiles and other sound consumers by creating headphones that used advanced 3D audio algorithms, head-tracking technology and individual anatomy calibration to "deliver incredibly accurate 3D sound to your ears," according to its funding campaign on Kickstarter. In less than two months in 2016, it was able to raise $2.7 million from more than 10,000 backers on Kickstarter. It raised another $515,970 on Indiegogo. "This was obviously not our desired outcome," the company said in a statement. "To fail at the five-yard line is a tragedy. We are extremely sorry that we cannot deliver your product and want you to know that the team has done everything possible including investing our own savings and working without salary to exhaust all possibilities."
            

    Read more of this story at Slashdot.


The Register











Phoronix


  • ARM64 Mitigation Posted For Spectre 4 / SSBD
    Following the Intel/AMD Spectre Variant 4 mitigation landing yesterday with "Speculative Store Bypass Disable" (SSBD) and then the POWER CPU mitigation landing today, ARM developers have posted their set of patches for 64-bit ARM CPUs to mitigate against this latest Spectre vulnerability around speculative execution...





  • Qt 5.11 Released With A Big Arsenal Of Updates
    The Qt Company has managed to release Qt 5.11 one week ahead of schedule compared to its original road-map, which is quite a feat considering some of the past Qt5 release delays. Beyond that, Qt 5.11.0 is offering a big slab of improvements...





  • Purism Publishes Librem 5 Dev Kit Details, Small Batch Order Going In Soon
    Purism has published their nearly final specifications on their limited-run Librem 5 Dev Kit. The cutoff for ordering a developer kit is next week as they are placing their hardware order and planning on only this single, limited run of the developer kit prior to the phones becoming available next year...


Polish Linux

  • Essential Software That Are Not Available On Linux OS
    An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]


  • Things You Never Knew About Your Operating System
    The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]


  • How To Fully Optimize Your Operating System
    Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]


  • The Top Problems With Major Operating Systems
    There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]


  • 8 Benefits Of Linux OS
    Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]


  • Things Linux OS Can Do That Other OS Can’t
    What Is Linux OS?  Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]


  • Packagekit Interview
    Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]


  • What’s New in Ubuntu?
    What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]


  • Ext3 Reiserfs Xfs In Windows With Regards To Colinux
    The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the  official site or from the  sourceforge site. Edit the connection to “TAP Win32 Adapter [0]


  • Getting It To Better Stability And Performance
    Every computer user wants their computers to run as smoothly as possible. Here are few tips to ensure that: Clear out all junk files from time to time. Do not overload your computer’s C: drive. Uninstall all unnecessary applications. Remember to use the task manager to check out unnecessary service. Disable the service if you [0]


OSNews

  • Rune - Haiku images on ARM
    Up until recently, Haiku builds for ARM have targetted individual ARM boards. The compile process for ARM images required two things: an architecture, and a target board (such as the Raspberry Pi 2). This board setting adjusted a large number of defines throughout Haiku at compile time to set the operating system up for the target ARM device. The board selection also handled placing all the propriety bits (a lot of which have sketchy licensing) into the Haiku image during compile. Haiku would then have to distribute these files. (sketchy licensing and all)  Over the past few years, François Revol, Ithamar R. Adema, and others have worked to add Flat Device Tree (FDT) support to Haiku. FDT’s enable operating systems to obtain core knowledge of the devices they run on by simply swapping one or more compiled binary files. These files describe critical things the operating system needs to know about the hardware they run on. Really important things such as what devices exist at what memory locations. (Think video frame buffers, serial ports, etc)  In a series of cryptic commits in July 2017, I removed these board-centric build steps with grand plans of making testing (and running) Haiku on ARM devices easier.  No, this does not mean Haiku now runs on ARM, as it has been able to do that for a while now. The goal of these changes and improvements is to speed up development of Haiku's ARM build, and to simplify the distribution of ARM builds into a single, generic ARMv7 image.


  • Hidden sheep and typography archaeology
    Because a typeface is not just its pixels, but also its spacing, I wanted to look at the authentic source material for Chicago. That required some technical archaeology: the original Macintosh, released in 1984, was the first widely available computer that used proportional typography on screen and it had an entirely unique way of storing and managing fonts. (Standards like TrueType didn’t appear until later.)  I have some software background in typography, so I managed to extract the genuine 1984 font data using my 2018 computer. (The details of that part are a bit beside the point but are in the footnote at the bottom if you're interested). Having got the font, bitmap and spacing data for Chicago, I used the same little program to extract all the other Macintosh bitmap fonts.  Fun little bit of typography archeology on the old Macintosh.


  • C is not a low-level language
    In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.  Processor vendors are not alone in this. Those of us working on C/C++ compilers have also participated.


  • The Power Mac G4 Line
    The tower form factor may be a thing of the past, at least until the new Mac Pro shows up next year, but for years, if you needed the most powerful and flexible machine money could buy, the Power Mac was the only way to go.  For almost five years, the heart of the Power Mac was the PowerPC G4 chip. Starting in 1999 it clocked at just 350 MHz, but by the time the Power Mac G4 line was retired, a tower with dual 1.42 GHz CPUs could be ordered. In that time frame, things like Gigabit Ethernet, SuperDrives, and Wi-Fi became mainstream.  I have a soft spot for all Macs from the PowerPC G4 era - back when Apple wasn't boring - and the various models of Power Mac G4 aren't exceptions. I can't really explain why I find PowerPC G4 Macs so appealing, even to this day - all I know is that I am dead-set on collecting a number of them, especially those I couldn't ever afford when they were new.


  • Google and Microsoft disclose new CPU flaw
    Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution "that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says these mitigations are also applicable to variant 4 and available for consumers to use today."  However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.  This cat ain't going back in no bag anytime soon.


  • Windows 95 could run Windows 3.1 in a virtual machine
    And the second The Old New Thing story, about adding a Windows 3.1 virtual machine to Windows 95.  As the Windows 95 project started to come together, I was approached to undertake a special project: Run Windows 3.1 in an MS-DOS virtual machine inside Windows 95.  This was the ultimate in backward compatibility, along multiple axes.  First of all, it was a demonstration of Windows 95's backward compatibility by showing that it could even use an emulated MS-DOS virtual machine to run the operating system it was designed to replace.  Second, it was the ultimate backward compatibility ripcord. If you had a program that simply wouldn't work with Windows 95 for whatever reason, you could fire up a copy of Windows 3.1 in a virtual machine and run the program there.  To use it, you installed Windows 3.1 and Windows 95 into separate directories, and then made a few edits to the Windows 3.1 SYSTEM.INI file to replace the mouse and serial drivers with special versions. There were some other preparatory steps that had to be done, but eventually you got to the point where you could double-click the Windows 3.1 icon, and up came Windows 3.1 in an MS-DOS virtual machine.  This is quite similar to how Windows 3.x worked in OS/2 at the time.


  • Why is Windows ZIP support stuck at the turn of the century?
    I've got two fun The Old New Thing stories for you today, starting with a story about Windows' ZIP file support.  Every so often, a customer will ask whether Windows Compressed Folders (Zip folders) supports something fancy like AES encryption, and we have to shake our head and apologize. "Sorry, no."  Why this sad state of affairs?  The compression and decompression code for Zip folders was licensed from a third party. This happened during the development of Windows XP. This means that the feature set of Zip folders was locked to whatever features were hip and cool as of around the year 2000.  You'd think Windows would eventually start supporting other archive formats as well, but no.


  • 299 macOS apps are so buggy, Apple fixes them in AppKit
    What do Photoshop, Matlab, Panic Transmit, and Eclipse have in common? They are among the 299 apps for which macOS applies compatibility fixes.  Here's the full list of bundle IDs, along with the functions that checks for them, and the first caller to those functions. It's also available in CSV format.  Note that this is just a list of apps Apple has developed compatibility tweaks to make them run on newer macOS versions. As the list demonstrates, even the best apps often needs some tweaks on newer macOS. In addition, most of these patches are only applied to older versions of apps.  Here's how I extracted the list, and some interesting things I found in it.  This is absolutely fascinating, and provides some amazing insight into which applications Apple considers crucial to the macOS user experience and platform. We all know Windows performs various tricks to maintain backwards compatibility, but I had no idea Apple went to decent lengths too for the same reasons.


  • Google makes two different versions of Android
    We go through this every time a new version comes to Google's own phones while we wait for it to come to the rest. And the outcome is always the same - Pixel phones (and previous Nexus phones) look the way Google wants them to look and the rest of the phones look however the company that made them want them to look. That's because you can't see Android - it's simply software that supports the things you're looking at.  It's confusing. And tech bloggers (myself included) don't help ease the confusion very well when we write about the things we see on a software update for the Pixel. It's too difficult to try and break everything down every time we write something, and while we are good at a lot of things, we tend to shy away from "difficult". To compound it all, when we do try to break "Android" down, we usually make it worse. I'm going to try here because I'm feeling courageous and want to face "difficult" head on today. If I don't come back, tell my wife I love her.  Android is quite a complicated term, entity, and operating system.


  • Razer Phone XDA display analysis
    When contemplating who’d be a major player in the Android smartphone business, the gaming hardware giant Razer probably doesn’t come to mind. While they have yet to establish themselves as a reliable smartphone provider, Razer’s first attempt did not at all seem like it was their first time dabbling into Android, likely because much of their engineering team came from Nextbit. Razer leveraged their status in gaming hardware to appeal to those who game, and those who game hold high refresh rate monitors in high regard. So Razer put one on a smartphone.  This article takes a close look at the Razor phone's display, which is rather unique among Android phones for its 120Hz refresh rate (iPhones have 120Hz displays as well).


Linux Journal - The Original Magazine of the Linux Community

  • Examining Data Using Pandas
    by Reuven M. Lerner   
    You don't need to be a data scientist to use Pandas for some basic analysis.

    Traditionally, people who program in Python use the data types that come with the language, such as integers, strings, lists, tuples and dictionaries. Sure, you can create objects in Python, but those objects typically are built out of those fundamental data structures.

    If you're a data scientist working with Pandas though, most of your time is spent with NumPy. NumPy might feel like a Python data structure, but it acts differently in many ways. That's not just because all of its operations work via vectors, but also because the underlying data is actually a C-style array. This makes NumPy extremely fast and efficient, consuming far less memory for a given array of numbers than traditional Python objects would do.

    The thing is, NumPy is designed to be fast, but it's also a bit low level for some people. To get more functionality and a more flexible interface, many people use Pandas, a Python package that provides two basic wrappers around NumPy arrays: one-dimensional Series objects and two-dimensional Data Frame objects.

    I often describe Pandas as "Excel within Python", in that you can perform all sorts of calculations as well as sort data, search through it and plot it.

    For all of these reasons, it's no surprise that Pandas is a darling of the data science community. But here's the thing: you don't need to be a data scientist to enjoy Pandas. It has a lot of excellent functionality that's good for Python developers who otherwise would spend their time wrestling with lists, tuples and dictionaries.

    So in this article, I describe some basic analysis that everyone can do with Pandas, regardless of whether you're a data scientist. If you ever work with CSV files (and you probably do), I definitely recommend thinking about using Pandas to open, read, analyze and even write to them. And although I don't cover it in this article, Pandas handles JSON and Excel very well too.
     Creating Data Frames
    Although it's possible to create a data frame from scratch using Python data structures or NumPy arrays, it's more common in my experience to do so from a file. Fortunately, Pandas can load data from a variety of file formats.

    Before you can do anything with Pandas, you have to load it. In a Jupyter notebook, do:
      %pylab inline import pandas as pd  
    For example, Python comes with a csv module that knows how to handle files in CSV (comma-separated value) format. But, then you need to iterate over the file and do something with each of those lines/rows. I often find it easier to use Pandas to work with such files. For example, here's a CSV file:
      a,b,c,d e,f,g,h "i,j",k,l,m n,o.p,q  
    You can turn this into a data frame with:
        Go to Full Article          


  • Last Call for Purism's Librem 5 Dev Kits, Git Protocol Version 2 Released, LXQt Version 0.13.0 Now Available and More

    Purism announces last call for its Librem 5 dev kits. If you're interested in the hardware that will be the platform for the Librem 5 privacy-focused phones, place your order by June 1, 2018. The dev kit is $399, and it includes "screen, touchscreen, development mainboard, cabling, power supply and various sensors (free worldwide shipping)".

    The Google Open Source Blog recently announced the release of Git protocol version 2. This release brings improvements to server-side reference filtering, easy extensibility for new features and simplified client handling of the http transport. See the full list of changes here.

    The LXQt team yesterday announced the release of version 0.13.0 of its Lightweight Qt Desktop Environment. Highlights include "all packages are ready for Qt 5.11, out-of-source builds are now mandatory, libfm-qt is made more self-sufficient" and more.

    Red Hat announced this morning its collaboration with Juniper Networks to combine Juniper's Contrail Enterprise Multicloud and Red Hat's OpenShift Container and OpenStack Platforms to "deliver an open-source based, multicloud alternative to proprietary platforms".

    The Debian Project announced recently that "regular security support for Debian GNU/Linux 8 (code name "jessie") will be terminated on the 17th of June".

    The Khronos Group yesterday announced "its engagement of Au-Zone Technologies to enable the NNEF (Neural Network Exchange Format) standard files to be used with leading machine learning training frameworks". See the Press Release for all the details on the Khronos Group and Au-Zone's development of open-source TensorFlow and Caffe2 Converters for NNEF.
          News  Purism  Git  LXQt  Desktop  Red Hat  Cloud  Containers  Debian  Machine Learning                   


  • Cookies That Go the Other Way
    by Doc Searls   
    The web—or at least the one we know today—got off on the wrong hoofs. Specifically, I mean with client-server, a distributed application structure that shouldn't subordinate one party to an other, but ended up doing exactly that, which is why the web today looks like this:



    Clients come to servers for the milk of HTML, and get cookies as well.

    The original cookie allowed the server to remember the client when it showed up again. Later the cookie would remember other stuff: for example, that the client was a known customer with a shopping cart.

    Cookies also came to remember fancier things, such as that a client has agreed to the server's terms of use.

    In the last decade, cookies also arrived from third parties, some for site analytics but mostly so clients could be spied on as they went about their business elsewhere on the web. The original purpose was so those clients could be given "relevant" and "interest-based" advertising. What matters is that it was still spying and a breach of personal privacy, no matter how well its perpetrators rationalize it. Simply put, websites and advertisers' interests end at a browser's front door. (Bonus link: The Castle Doctrine.)

    Thanks to the EU's General Data Protection Regulation (GDPR), which comes into full force this Friday, that kind of spying is starting to look illegal. (Though loopholes will be found.) Since there is a world of fear about that, 99.x% of GDPR coverage is about how the new regulation affects the sites and services, and what they can do to avoid risking massive fines for doing what many (or most) of them shouldn't have been doing in the first place.

    But the problem remains structural. As long as we're just "users" and "consumers," we're stuck as calves.

    But we don't have to be. The web's underlying protocol, HTTP, is distributed and collaborative. It doesn't say we need to be subordinate to websites, always consenting to those sites' terms and policies. It doesn't even say we have to be calves to the websites' cows. Consent can go the other way.

    And so can cookies. So let's bake some.
        Go to Full Article          


  • VMware Announces OpenStack 5, Tesla Releases Some Source Code, KDE's Plasma 5.13 Beta and More

    News briefs for May 21, 2018.

    VMware today announced its new OpenStack 5. According to the press release, "VMware Integrated OpenStack 5 will be one of the first commercial OpenStack distributions to comply with the OpenStack Foundation's 2018.02 interoperability guidelines. An active member of the OpenStack community, VMware packages, tests, and supports all major components of the distribution, including the full open source OpenStack code in a multi-cloud architecture."

    Tesla has released some of the source code for its in-car tech. Engadget reports that the company "has posted the source code for both the material that builds the Autopilot system image as well as the kernels for the Autopilot boards and the NVIDIA Tegra-based infotainment system used in the Model S and Model X."

    KDE's Plasma team released Plasma 5.13 beta late last week: "We have spent the last four months optimising startup and minimising memory usage, yielding faster time-to-desktop, better runtime performance and less memory consumption. Basic features like panel popups were optimised to make sure they run smoothly even on the lowest-end hardware. Our design teams have not rested either, producing beautiful new integrated lock and login screen graphics."

    The Linux 4.18 kernel will have the Steam Controller driver that will work without needing the Steam client or other third-party applications. Phoronix reports that "HID subsystem maintainer Jiri Kosina has now queued this Valve Steam Controller driver into his HID-next tree for Linux 4.18. This HID driver will expose the Steam Controller as a virtual mouse, virtual keyboard, and custom HID device(s). In turn this should allow the Steam Controller to work happily with any Linux application."

    SoftMaker recently released SoftMaker FreeOffice 2018, the newest version of its free software. SoftMaker says "with FreeOffice 2018 you can not only open, but also save documents in the Microsoft file formats DOCX, XLSX and PPTX. Share files directly with Microsoft Office users, without having to export them first!" Note that although it is free to download and use, FreeOffice is not open source.

    WordPress recently announced its latest release, 4.9.6, which is a privacy and maintenance release intended to help users be GDPR-compliant. The WordPress blog notes "We're committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we've added a number of new privacy features in this release."
          News  VMware  OpenStack  KDE  Steam  WordPress  GDPR  Desktop                   


  • Nextcloud 13: How to Get Started and Why You Should
    by Marco Fioretti   
    Nextcloud could be the first step toward replacing proprietary services like Dropbox and Skype.

    In its simplest form, the Nextcloud server is "just" a personal, free software alternative to services like Dropbox or iCloud. You can set it up so your files are always accessible via the internet, from wherever you are, and share them with your friends. However, Nextcloud can do so much more.

    In this article, I first describe what the Nextcloud server is and how to install and set it up on GNU/Linux systems. Then I explain how to configure the optional Nextcloud features, which may be the first steps toward making Nextcloud the shell of a complete replacement for many proprietary platforms existing today, such as Dropbox, Facebook and Skype.

    Figure 1. A safe home for all your data that all your devices can reach—that's what Nextcloud wants to be.
     Why Nextcloud and Not ownCloud?
    Nextcloud, whose version 13 was released in February 2018, was spun off the popular ownCloud project in 2016, out of licensing and other disagreements. See the Resources section for some of the most complete feature-by-feature comparisons between Nextcloud and ownCloud. The most basic capabilities are still almost identical, two years after the fork. Some of the functions described here, however, are easier to integrate in Nextcloud than in its ancestor. In addition, my personal reasons for recommending Nextcloud over ownCloud are the following:
     Licensing and pricing policies: all the official components of Nextcloud are both free as in freedom and as in free beer. You pay only for support and update services. That's not the case with ownCloud.    Long-term roadmap: at the moment, ownCloud seems to be more focused on corporate customers and more relevant for investors, while Nextcloud seems to be more focused on extending "direct" user-to-user communication and cooperation features. 
     Figure 2. The Original Nextcloud/ownCloud Functions: File and Picture Storage, Dropbox-Style
     A Word on Security
    Several good reasons to choose Nextcloud as the online home for your own files and data are related to security. I don't cover them in detail in this introductory article, but I want to mention at least some of them.

    Nextcloud refuses continuous (that is, malicious) attempts to authenticate from any computer, except those whose IP addresses are included in "brute-force IP whitelists". (Of course, the best possible whitelist you can configure is an empty one.)
        Go to Full Article          


  • Weekend Reading: Backups
    by Carlie Fairchild   
    Public Service Announcement: please do a backup if you haven't in awhile. This weekend we feature articles varying from scary backup stories to how-to safeguard your data with encrypted backup solutions. 

     

    Scary Backup Stories

    by Paul Barry

    Backups. We all know the importance of making a backup of our most important systems. Unfortunately, some of us also know that realizing the importance of performing backups often is a lesson learned the hard way. Everyone has their scary backup stories. Here are mine.

     

    Reliable, Inexpensive RAID Backup

    by Brian C. Lane

    As a topic, backups is one of those subject likely to elicit as many answers as people you ask about it. It is as personal a choice as your desktop configuration or your operating system. So in this article I am not even going to attempt to cover all the options. Instead I describe the methods I use for building a reliable, useful backup system. This solution is not the right answer for everyone, but it works well for my situation.

     

    LVM and Removable IDE Drives Backup System

    by Mike Fogarty

    When the company I work for, a civil engineering and surveying firm, decided to move all its AutoCad drawings onto a central fileserver, we were presented with a backup situation orders of magnitude larger than anything we had confronted before. We had at that time (now considerably larger) about 120,000 files, totaling 200GB, that were in active change and needed to be backed up at least daily.

    My first thoughts were of some sort of tape backup system, but as I began to research them, I was shocked at the prices I encountered. A tape autoloader large enough to contain our filesystem ran about $12,000 and a 40Gig tape was $89. When I first convinced my boss to let me run Linux on our servers, cheap was a big selling point. So, what are the alternatives?

     

    Backup and Update

    by Shawn Powers

    In this video, editor Shawn Powers shows us how to do a basic backup in Linux. Or as he puts it, a public service announcement to please do a backup if you haven't in awhile!

     

     

     
        Go to Full Article          



  • Purism's New Purekey OpenPGP Security Token, Windows 10 Now Includes OpenSSH, Vim 8.1 Released and More

    News briefs for May 18, 2018.

    Purism, maker of the security-focused Librem laptops, announced yesterday it has partnered with Nitrokey to create Purekey, "Purism's own OpenPGP security token designed to integrate with its hardware and software. Purekey embodies Purism's mission to make security and cryptography accessible where its customers hold the keys to their own security." You can purchase a Purekey by itself or as an add-on with a laptop order. According to Purism's CSO Kyle Rankin, "By keeping your encryption keys on a Purekey instead of on a hard drive, your keys never leave the tamper-proof hardware. This not only makes your keys more secure from attackers, it makes using your keys on multiple devices more convenient."

    The latest update of Windows 10 includes OpenSSH. ZDNet  reports this has been in the works since 2015 due to user requests. Also, third-party SSH clients like Putty no longer will be necessary to connect to a system with SSH.

    Vim 8.1 is now available. The major new feature of this release is that you now can run a terminal in a Vim window, which allows you to do things like run a command (like make) while editing in other windows or "use the new terminal debugger plugin for debugging inside Vim".

    0 A.D., the "open-source ancient warfare game", has a new release, Alpha 23. Phoronix reports that this "RTS game in its latest alpha release features a new civilization, new models, improved AI behavior, a mod downloader, new random maps, and other changes to enhance the game-play for this game that's been open-source for nearly a decade."

    Valve launched the Steam Link App for Android devices yesterday. The app "allows gamers to experience their Steam library of games on their Android (phone, tablet, and TV) devices while connected to the same 5Ghz network or wired Ethernet as their Steam gaming computer (PC, Linux, Mac)". You can get the app here. (Source: Phoronix.)
          News  Security  Purism  Hardware  OpenSSH  Microsoft  Vim  gaming  Mobile  Android                   


  • AsteroidOS 1.0 Released, Net Neutrality Update, Qt 3D Studio 2.0 Beta Now Available and More

    News briefs for May 17, 2018.

    AsteroidOS 1.0 is now available. Released yesterday, the open-source operating system for smartwatches is finally available after four years in the works. As posted on the AsteroidOS website, "AsteroidOS is built on standard Linux technologies including OpenEmbedded, opkg, Wayland, Qt5, systemd, BlueZ, and PulseAudio. This makes it the ideal platform to build any sort of wearable project you can imagine. Do you want to run Docker on your watch? AsteroidOS can do it. Do you want to run Quake on your watch? AsteroidOS can do that too. The sky is really the limit! Our community welcomes anyone interested in playing with a smartwatch project."

    Yesterday the Senate voted to reverse the net neutrality repeal. As reported by Ars Technica and elsewhere, if the Congressional Review Act "is approved by the House and signed by President Trump, Internet service providers would have to continue following rules that prohibit blocking, throttling, and paid prioritization." If Congress doesn't act, the net neutrality rules expire on June 11.

    Qt 3D Studio 2.0 beta was released yesterday. This release includes a new runtime and viewer application, improved data input, editor improvements and more.

    Have a release party for openSUSE Leap 15. See the openSUSE page for how you can help the community spread the word, and see the Launch Party Wiki to sign up and add your party to the map. openSUSE Leap 15 launches May 25, 2018.

    Linspire Server 2018 was released this week. Linspire Server is based on Ubuntu Server 16.04 and is intended for small to medium-size businesses and schools. It is fee to download and use under a self-support license.
          News  AsteroidOS  Embedded  Qt  openSUSE  Linspire                   


  • Generating Good Passwords, Part I
    by Dave Taylor   
    Dave starts a new method for generating secure passwords with the help of 1Password.

    A while back I shared a script concept that would let you enter a proposed password for an account and evaluate whether it was very good (well, maybe "secure" would be a better word to describe the set of tests to ensure that the proposed password included uppercase, lowercase, a digit and a punctuation symbol to make it more unguessable).

    Since then, however, I've really been trying personally to move beyond mnemonic passwords of any sort to those that look more like gobbledygook. You know what I mean—passwords like fRz3li,4qDP? that turn out to be essentially random and, therefore, impossible to crack using any sort of dictionary attack.

    Aiding me with this is the terrific password manager 1Password. You can learn more about it here, but the key feature I'm using is a combination of having it securely store my passwords for hundreds of websites and having a simple and straightforward password generator feature (Figure 1).

    Figure 1. 1Password Password Generation System

    If I'm working on the command line, however, why pop out to the program to get a good password? Instead, a script can do the same thing, particularly if I again tap into the useful $RANDOM shortcut for generating random numbers.
     Generating Secure Passwords
    The easiest way to fulfill this task is to have a general-purpose approach to generating a random element from a specific set of possibilities. So, a random uppercase letter might be generated like this:
      uppers="ABCDEFGHIJKLMNOPQRSTUVWXYZ"  letter=${uppers:$(( $RANDOM % 26 )):1}  
    The basic notational convention used here is the super handy Bash shell variable slicing syntax of:
      ${variable:startpoint:charcount}  
    To get the first character only of a variable, for example, you can simply reference it as:
      ${variable:1:1}  
    That's easy enough. Instead of a fixed reference number, however, I'm using $(( $RANDOM % 26 )) as a way to generate a value between 0–25 that's different each time.

    Add strings that contain all the major character classes you seek and you've got a good start:
      lowers="abcdefghijklmnopqrstuvwxyz" digits="0123456789" punct="()./?;:[{]}|=+-_*&^%$#@!~" # skip quotes  
    To get even fancier, there's another notation ${#variable} that returns the number of characters in a variable, so the following shows that there are 24 characters in that particular string:
        Go to Full Article          


Linux Magazine » Channels



  • Extended File Attributes Rock!
    Worldwide, data is growing at a tremendous rate. However, one recent study has pointed out that the size of files is not necessarily growing at the same rate; meaning the number of files is growing rapidly. How do we manage all of this data and files? While the answer to that question is complex, one place we can start is with Extended File Attributes. Continue reading ”


  • Checksumming Files to Find Bit-Rot
    In a previous article extended file attributes were presented. These are additional bits of metadata that are tied to the file and can be used in a variety of ways. One of these ways is to add checksums to the file so that corrupted data can be detected. Let's take a look at how we can do this including some simple Python examples. Continue reading ”



  • What’s an inode?
    As you might have noticed, we love talking about file systems. In these discussions the term "inode" is often thrown about. But what is an inode and how does it relate to a file system? Glad you asked. Continue reading ”




  • Emailing HPC
    Email is not unlike MPI. The similarities may help non-geeks understand parallel computers a little better. Continue reading ”



Page last modified on November 02, 2011, at 10:01 PM