Skip to main content

Cerca

Elementi taggati con: GNUlinux


 
Purism making progress on Librem5 SmartPhone

Immagine/foto

more latest news on: https://puri.sm/news/




Progress has been quick and steady, and because we only use components that respect both our ethical values and your personal privacy and freedoms, you can imagine the layers of complexity that go into delivering such a revolutionary mobile phone – from new hardware to a new kernel, from a new operating system to new applications, all of it culminating into the Librem 5 phone.

We want you to have the best possible solutions when it comes both to hardware, and to user experience.
Being able to show that what we’re doing corresponds to our exact intentions is very important, for it will allow you to see this progress for yourself–and we do think the video below, running on the Librem 5 dev kit hardware we shipped in December, speaks volumes.

The Librem 5 devkit running PureOS


https://puri.sm/wp-content/uploads/2019/02/devkit-demo.webm

„What you just saw in the video is the prototype of the Librem 5 hardware, and it has nearly identical specs to the ones we are putting into production later this year.

And, as you can see, it is running our own PureOS mobile operating system – we’re proud to show off the fact that the Librem 5 is not built on Android, nor iOS.

All the basic functionality is still in pre-release state, and more progress is constantly happening around-the-clock, which means even more apps are making it into the PureOS Store regularly.

Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission


February 21, 2019

https://puri.sm/wp-content/uploads/2019/02/todd-weaver-purism-spc-california-privacy-commission-testimony-2019-02-20.ogg

Q3 2019 – shipping the Librem 5


But all this leads us to the aforementioned (one quarter) shipping adjustment: the previous Q2 estimate is now confirmed for Q3 product shipping:

This accounts for the time it took us to properly benchmark test the newest CPU choices from NXP for the Librem 5, and the question of whether or not to choose the i.MX 8M Quad or the i.MX 8M Mini, mean we have adjusted our delivery plans slightly.

As we previously announced, the i.MX 8M Quad CPU had known errata issues in the silicon itself, and this was the root cause for the delay, detour and need for research about potential alternatives.

On one hand, the i.MX 8M Quad silicon issues meant not only that the temperature of the battery was way too high, but also that it could discharge too quickly. On the other hand, the i.MX 8M Mini is made in an updated silicon process (14nm instead of 28nm) and has reduced features, resulting in a lower power consumption–but it’s new, and there could be unknown issues and risks. So a lot of research was made, and our development team started evaluating the i.MXM8 Mini to see if it could be used within our requirements–free software only, no binary blobs, mainline based software stacks.

And then the month of February began, and something else unexpectedly happened: NXP released a new software stack for our first CPU choice, the i.MX 8M–and all of the power consumption and heating issues suddenly disappeared!

CPU and Specs


So here we are, on track again after a little delay–quite a useful delay, because now we know. We know a lot more about the i.MX 8M Quad CPU we chose, and a little bit more about a possible alternative. We have chosen the i.MX 8M Quad CPU because the power consumption issues can be dealt with in software… and ultimately that means we don’t have to change the hardware to solve this issue. Full fabrication will begin for the Librem 5 with the specifications we described before:

Librem5

Display5.5″ – 5.7″ HD displayProcessoriMX8M Quad CPUStorage32 GB eMMC internal storageWireless802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4BasebandGemalto PLS8 3G/4G modem w/ single sim on replaceable M.2 cardGPSTESEO LIF3 multiconstellation GNSS receiverSmartcard2FF format smart cardsKill Switches3 – WiFi, Cellular, Microphone/Cameras (all 3 will turn off GPS)External StoragemicroSD storage expansionAccelerometer9-axis IMU (gyro, accel, magnetometer)Front CameraTBDBack CameraTBDVibration MotorYesChargingUSB C connector for charging, USB client function, USB host function, power deliveryBatteryUser replaceableSpeakersat least oneDelivering on our Promise


As you have come to know, Purism will always keep you posted – about the impressive progress we are making, about any issues, major or minor, that come along. And ultimately, this CPU choice has many opportunities – ones that will change the future of computing for the better, for this decision does come with certain advantages in the long term. The i.MX8M Quad is the most powerful CPU that has both a good operating temperature and a good battery life. Having chosen the best possible CPU will provide us, and you, with an overall better hardware experience, with better capabilities and a shorter integration path–meaning, the integration with the software platform.

Rapid Development Continues


Software development continues to move forward quickly. Amazingly quickly. In the past few months, we’ve seen astonishing software progress, and we are now able to take advantage of it. Finally, the extra time for Librem 5 hardware fabrication will benefit software advancements that continue without slowdown, such as quality testing, providing a greater number of default apps, and community advancements made on our Librem 5 dev kit.

Excitement Increases


We recognize the importance of the Librem 5 phone and all the interest you have around it, you can rest assured. Based on our historic delivery on our promises, we feel more comfortable in advancing towards the delivery of the Librem 5 phone in the third quarter of 2019. We are also immensely grateful for all the support we’ve been receiving, both on our forums and on social media, and so proud of the progress our team is making; grateful to our community for supporting our efforts as we work diligently to get the Librem 5—and all its societal benefits—into people’s hands. We think that both our team and the community deserve the very best.

(src: purism.sm)

\#linux #gnu #gnulinux #opensource #administration #sysops #freehardware #purism #phone #smartphone #mobile #librem #librem5 #opensourcehardware #privacy #surveillance #bigdata
Quelle: https://dwaves.org/2019/02/27/purism-making-progress-on-librem5-smartphone/
Purism making progress on Librem5 SmartPhone


 
Purism making progress on Librem5 SmartPhone

Immagine/foto

more latest news on: https://puri.sm/news/




Progress has been quick and steady, and because we only use components that respect both our ethical values and your personal privacy and freedoms, you can imagine the layers of complexity that go into delivering such a revolutionary mobile phone – from new hardware to a new kernel, from a new operating system to new applications, all of it culminating into the Librem 5 phone.

We want you to have the best possible solutions when it comes both to hardware, and to user experience.
Being able to show that what we’re doing corresponds to our exact intentions is very important, for it will allow you to see this progress for yourself–and we do think the video below, running on the Librem 5 dev kit hardware we shipped in December, speaks volumes.

The Librem 5 devkit running PureOS


https://puri.sm/wp-content/uploads/2019/02/devkit-demo.webm

„What you just saw in the video is the prototype of the Librem 5 hardware, and it has nearly identical specs to the ones we are putting into production later this year.

And, as you can see, it is running our own PureOS mobile operating system – we’re proud to show off the fact that the Librem 5 is not built on Android, nor iOS.

All the basic functionality is still in pre-release state, and more progress is constantly happening around-the-clock, which means even more apps are making it into the PureOS Store regularly.

Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission


February 21, 2019

https://puri.sm/wp-content/uploads/2019/02/todd-weaver-purism-spc-california-privacy-commission-testimony-2019-02-20.ogg

Q3 2019 – shipping the Librem 5


But all this leads us to the aforementioned (one quarter) shipping adjustment: the previous Q2 estimate is now confirmed for Q3 product shipping:

This accounts for the time it took us to properly benchmark test the newest CPU choices from NXP for the Librem 5, and the question of whether or not to choose the i.MX 8M Quad or the i.MX 8M Mini, mean we have adjusted our delivery plans slightly.

As we previously announced, the i.MX 8M Quad CPU had known errata issues in the silicon itself, and this was the root cause for the delay, detour and need for research about potential alternatives.

On one hand, the i.MX 8M Quad silicon issues meant not only that the temperature of the battery was way too high, but also that it could discharge too quickly. On the other hand, the i.MX 8M Mini is made in an updated silicon process (14nm instead of 28nm) and has reduced features, resulting in a lower power consumption–but it’s new, and there could be unknown issues and risks. So a lot of research was made, and our development team started evaluating the i.MXM8 Mini to see if it could be used within our requirements–free software only, no binary blobs, mainline based software stacks.

And then the month of February began, and something else unexpectedly happened: NXP released a new software stack for our first CPU choice, the i.MX 8M–and all of the power consumption and heating issues suddenly disappeared!

CPU and Specs


So here we are, on track again after a little delay–quite a useful delay, because now we know. We know a lot more about the i.MX 8M Quad CPU we chose, and a little bit more about a possible alternative. We have chosen the i.MX 8M Quad CPU because the power consumption issues can be dealt with in software… and ultimately that means we don’t have to change the hardware to solve this issue. Full fabrication will begin for the Librem 5 with the specifications we described before:

Librem5

Display5.5″ – 5.7″ HD displayProcessoriMX8M Quad CPUStorage32 GB eMMC internal storageWireless802.11abgn 2.4 Ghz / 5Ghz + Bluetooth 4BasebandGemalto PLS8 3G/4G modem w/ single sim on replaceable M.2 cardGPSTESEO LIF3 multiconstellation GNSS receiverSmartcard2FF format smart cardsKill Switches3 – WiFi, Cellular, Microphone/Cameras (all 3 will turn off GPS)External StoragemicroSD storage expansionAccelerometer9-axis IMU (gyro, accel, magnetometer)Front CameraTBDBack CameraTBDVibration MotorYesChargingUSB C connector for charging, USB client function, USB host function, power deliveryBatteryUser replaceableSpeakersat least oneDelivering on our Promise


As you have come to know, Purism will always keep you posted – about the impressive progress we are making, about any issues, major or minor, that come along. And ultimately, this CPU choice has many opportunities – ones that will change the future of computing for the better, for this decision does come with certain advantages in the long term. The i.MX8M Quad is the most powerful CPU that has both a good operating temperature and a good battery life. Having chosen the best possible CPU will provide us, and you, with an overall better hardware experience, with better capabilities and a shorter integration path–meaning, the integration with the software platform.

Rapid Development Continues


Software development continues to move forward quickly. Amazingly quickly. In the past few months, we’ve seen astonishing software progress, and we are now able to take advantage of it. Finally, the extra time for Librem 5 hardware fabrication will benefit software advancements that continue without slowdown, such as quality testing, providing a greater number of default apps, and community advancements made on our Librem 5 dev kit.

Excitement Increases


We recognize the importance of the Librem 5 phone and all the interest you have around it, you can rest assured. Based on our historic delivery on our promises, we feel more comfortable in advancing towards the delivery of the Librem 5 phone in the third quarter of 2019. We are also immensely grateful for all the support we’ve been receiving, both on our forums and on social media, and so proud of the progress our team is making; grateful to our community for supporting our efforts as we work diligently to get the Librem 5—and all its societal benefits—into people’s hands. We think that both our team and the community deserve the very best.

(src: purism.sm)

\#linux #gnu #gnulinux #opensource #administration #sysops #freehardware #purism #phone #smartphone #mobile #librem #librem5 #opensourcehardware #privacy #surveillance #bigdata
Quelle: https://dwaves.org/2019/02/27/purism-making-progress-on-librem5-smartphone/
Purism making progress on Librem5 SmartPhone


 

Image/Photo Publication de la mise à jour de Debian 9.7

Le projet Debian a l'honneur d'annoncer la septième mise à jour de sa distribution stable Debian 9 (nommée "Stretch"). Cette mise à jour intègre la récente mise à jour de sécurité pour APT, afin d'assurer que les nouvelles installations de Stretch ne sont pas vulnérables. Aucune autre mise à jour n'est incluse.

De nouvelles images d'installation seront prochainement disponibles à leurs emplacements habituels.

Mettre à jour une installation vers cette révision peut se faire en faisant pointer le système de gestion de paquets sur l'un des nombreux miroirs HTTP de Debian. Du fait de la nature de la mise à jour incluse, il est recommandé de suivre les instructions mentionnées dans DSA-4371.
(...)

URL


Liste complète des paquets qui ont été modifiés dans cette version :
http://ftp.debian.org/debian/dists/stretch/ChangeLog

Adresse de l'actuelle distribution stable :
http://ftp.debian.org/debian/dists/stable/

Mises à jour proposées à la distribution stable :
http://ftp.debian.org/debian/dists/proposed-updates

Informations sur la distribution stable (notes de publication, errata, etc.) :
https://www.debian.org/releases/stable/

Annonces et informations de sécurité :
https://security.debian.org/
#debian #linux #gnu-linux #gnulinux #mise-à-jour #miseàjour #mise-a-jour #miseajour #annonce #système-d-exploitation #systèmedexploitation #systeme-d-exploitation #systemedexploitation


 

Image/Photo Publication de la mise à jour de Debian 9.7

Le projet Debian a l'honneur d'annoncer la septième mise à jour de sa distribution stable Debian 9 (nommée "Stretch"). Cette mise à jour intègre la récente mise à jour de sécurité pour APT, afin d'assurer que les nouvelles installations de Stretch ne sont pas vulnérables. Aucune autre mise à jour n'est incluse.

De nouvelles images d'installation seront prochainement disponibles à leurs emplacements habituels.

Mettre à jour une installation vers cette révision peut se faire en faisant pointer le système de gestion de paquets sur l'un des nombreux miroirs HTTP de Debian. Du fait de la nature de la mise à jour incluse, il est recommandé de suivre les instructions mentionnées dans DSA-4371.
(...)

URL


Liste complète des paquets qui ont été modifiés dans cette version :
http://ftp.debian.org/debian/dists/stretch/ChangeLog

Adresse de l'actuelle distribution stable :
http://ftp.debian.org/debian/dists/stable/

Mises à jour proposées à la distribution stable :
http://ftp.debian.org/debian/dists/proposed-updates

Informations sur la distribution stable (notes de publication, errata, etc.) :
https://www.debian.org/releases/stable/

Annonces et informations de sécurité :
https://security.debian.org/
#debian #linux #gnu-linux #gnulinux #mise-à-jour #miseàjour #mise-a-jour #miseajour #annonce #système-d-exploitation #systèmedexploitation #systeme-d-exploitation #systemedexploitation


 
Retro Computing

https://twitter.com/destroyed4com4t/status/1086894760411820032

\#linux #gnu #gnulinux #opensource #administration #sysops #hardware #oldschool #freehardware
Quelle: https://dwaves.org/2019/01/20/retro-computing/
Retro Computing


 
Retro Computing

https://twitter.com/destroyed4com4t/status/1086894760411820032

\#linux #gnu #gnulinux #opensource #administration #sysops #hardware #oldschool #freehardware
Quelle: https://dwaves.org/2019/01/20/retro-computing/
Retro Computing


 
Image/Photo
Image/Photo
reparierBar
#reparieren statt wegwerfen
Am nächsten Samstag 24. Nov. 10-16h ist #reparierBar in #Schaffhausen.
Auch dort sind Exorzisten von der #FSFE am Werk und treiben den Teufel aus den Computern und installieren #Linux #GNULinux


 
Image/Photo
Morgen Samstag 17. Nov. 10-14h ist wieder #Repair_Café im GZ Heuried in #Zürich
#reparieren statt wegwerfen. Dort sind Exorzisten von der #FSFE am Werk und treiben den Teufel aus den Computern und installieren #Linux #GNULinux


 
Image/Photo
Image/Photo
reparierBar
#reparieren statt wegwerfen
Am nächsten Samstag 24. Nov. 10-16h ist #reparierBar in #Schaffhausen.
Auch dort sind Exorzisten von der #FSFE am Werk und treiben den Teufel aus den Computern und installieren #Linux #GNULinux


 
Image/Photo
Image/Photo
reparierBar
#reparieren statt wegwerfen
Am nächsten Samstag 24. Nov. 10-16h ist #reparierBar in #Schaffhausen.
Auch dort sind Exorzisten von der #FSFE am Werk und treiben den Teufel aus den Computern und installieren #Linux #GNULinux


 
Entwickler für Thunderbird gesucht
Mozilla plant, zusätzliche Entwickler einzustellen, die in Vollzeit am Mail-Client Thunderbird arbeiten. Schon im letzten Jahr hatte das Thunderbird-Projekt vier neue Mitarbeiter eingestellt, in diesem Jahr zwei weitere
https://www.pro-linux.de/news/1/26506/entwickler-f%C3%BCr-thunderbird-gesucht.html
#News #Welt #Menschen #Mensch #Nutzer #IT #PC #Thunderbird #Firefox #Mozilla #OpenSource #Software #Betriebssysteme #Betriebssysteme #GnuLinux #Linux #E-Mail #E-Mail-Client #Hilfe #Entwickler


 
Entwickler für Thunderbird gesucht
Mozilla plant, zusätzliche Entwickler einzustellen, die in Vollzeit am Mail-Client Thunderbird arbeiten. Schon im letzten Jahr hatte das Thunderbird-Projekt vier neue Mitarbeiter eingestellt, in diesem Jahr zwei weitere
https://www.pro-linux.de/news/1/26506/entwickler-f%C3%BCr-thunderbird-gesucht.html
#News #Welt #Menschen #Mensch #Nutzer #IT #PC #Thunderbird #Firefox #Mozilla #OpenSource #Software #Betriebssysteme #Betriebssysteme #GnuLinux #Linux #E-Mail #E-Mail-Client #Hilfe #Entwickler


 
Entwickler für Thunderbird gesucht
Mozilla plant, zusätzliche Entwickler einzustellen, die in Vollzeit am Mail-Client Thunderbird arbeiten. Schon im letzten Jahr hatte das Thunderbird-Projekt vier neue Mitarbeiter eingestellt, in diesem Jahr zwei weitere
https://www.pro-linux.de/news/1/26506/entwickler-f%C3%BCr-thunderbird-gesucht.html
#News #Welt #Menschen #Mensch #Nutzer #IT #PC #Thunderbird #Firefox #Mozilla #OpenSource #Software #Betriebssysteme #Betriebssysteme #GnuLinux #Linux #E-Mail #E-Mail-Client #Hilfe #Entwickler


 
Manjaro 18 vorgestellt
Die auf Arch Linux basierende Rolling-Release-Distribution »Manjaro« bietet mit »Illyria« eine überarbeitete Verwaltung von Kerneldateien, Softwareaktualisierungen und Verbesserungen bei der Benutzbarkeit

https://www.pro-linux.de/news/1/26451/manjaro-18-vorgestellt.html
#News #Welt #EU #Menschen #Germany #Deutschland #IT #PC #GnuLinux #Linux #Tux #Manjaro #ManjaroLinux #Arch #OpenSource #Software #Betriebssystem #Betriebssysteme #Desktop #Xfce


 
Manjaro 18 vorgestellt
Die auf Arch Linux basierende Rolling-Release-Distribution »Manjaro« bietet mit »Illyria« eine überarbeitete Verwaltung von Kerneldateien, Softwareaktualisierungen und Verbesserungen bei der Benutzbarkeit

https://www.pro-linux.de/news/1/26451/manjaro-18-vorgestellt.html
#News #Welt #EU #Menschen #Germany #Deutschland #IT #PC #GnuLinux #Linux #Tux #Manjaro #ManjaroLinux #Arch #OpenSource #Software #Betriebssystem #Betriebssysteme #Desktop #Xfce


 

Instalar #LibreOffice forma manual y sin repositorios en Linux



En mi caso pretendo instalar LibreOffice en un sistema operativo Debian, pero me encuentro con los siguientes problemas:

Los repositorios de Debian únicamente disponen de la versión 4.3.3 de LibreOffice. La versión más actual a día de hoy es la 6.0.5.
Si consulto el repositorio Backports únicamente dispone de la versión 5.2.7. Esta sin duda no es la última versión de LibreOffice.
En Debian, y en la mayoría de distribuciones, no existen repositorios ppa como en Ubuntu.
https://geekland.eu/instalar-libreoffice-sin-repositorios/
#Ñ #gnu #linux #gnulinux
Instalar LibreOffice forma manual y sin repositorios en Linux


 

Instalar #LibreOffice forma manual y sin repositorios en Linux



En mi caso pretendo instalar LibreOffice en un sistema operativo Debian, pero me encuentro con los siguientes problemas:

Los repositorios de Debian únicamente disponen de la versión 4.3.3 de LibreOffice. La versión más actual a día de hoy es la 6.0.5.
Si consulto el repositorio Backports únicamente dispone de la versión 5.2.7. Esta sin duda no es la última versión de LibreOffice.
En Debian, y en la mayoría de distribuciones, no existen repositorios ppa como en Ubuntu.
https://geekland.eu/instalar-libreoffice-sin-repositorios/
#Ñ #gnu #linux #gnulinux
Instalar LibreOffice forma manual y sin repositorios en Linux


 
Immagine/foto
Semaine des Libertés Numériques au Bar commun : demandez le programme !

Du 21 au 25 novembre prochains, au Bar commun, dans le 18ème à Paris, se déroulera la SLN, manifestation de laquelle nous vous invitons à télécharger le programme synthétique ou le programme détaillé, au choix selon le temps que vous avez à consacrer à sa lecture (deux minutes ou dix).

Cet événement est l'occasion de remettre en question nos usages du numérique et de réfléchir à une autre manière, plus respectueuse de nos vies privées et de nos démocraties, d'utiliser les nouvelles technologies. Allez, un petit Ctrl Alt Suppr et c'est reparti !

Partagez l'info et venez nombreux !

#Barco #logiciellibre #logiciel #neutralitédunet #neutralitéduweb #caféassociatif #paris #paris18 #barcommun #bar #événement #manifestation #liberté #liberténumérique #libertésnumériques #filipevilasboas #pavésnumériques #informatique #numérique #mageia #linux #GNU #GNULinux #LQDN #APRIL #Framasoft #CECIL #LibreOffice #wikidébat #révolutionnumérique #lunar #labriqueinternet #franciliensnet #VLC #VideoLan #Duniter #lemoutonnumérique #monnaielibre #SLN #SemainedesLibertésNumériques


 
Immagine/foto
Semaine des Libertés Numériques au Bar commun : demandez le programme !

Du 21 au 25 novembre prochains, au Bar commun, dans le 18ème à Paris, se déroulera la SLN, manifestation de laquelle nous vous invitons à télécharger le programme synthétique ou le programme détaillé, au choix selon le temps que vous avez à consacrer à sa lecture (deux minutes ou dix).

Cet événement est l'occasion de remettre en question nos usages du numérique et de réfléchir à une autre manière, plus respectueuse de nos vies privées et de nos démocraties, d'utiliser les nouvelles technologies. Allez, un petit Ctrl Alt Suppr et c'est reparti !

Partagez l'info et venez nombreux !

#Barco #logiciellibre #logiciel #neutralitédunet #neutralitéduweb #caféassociatif #paris #paris18 #barcommun #bar #événement #manifestation #liberté #liberténumérique #libertésnumériques #filipevilasboas #pavésnumériques #informatique #numérique #mageia #linux #GNU #GNULinux #LQDN #APRIL #Framasoft #CECIL #LibreOffice #wikidébat #révolutionnumérique #lunar #labriqueinternet #franciliensnet #VLC #VideoLan #Duniter #lemoutonnumérique #monnaielibre #SLN #SemainedesLibertésNumériques


 

#Debian lanzo actualizaciones de seguridad contra Spectre V4 y V3a



Como se dio a conocer hace ya bastante tiempo los problemas de seguridad relacionados con Spectre el cual ha dado mucho de qué hablar durante estos meses.

Aun que se han venido solucionando muchos de los errores de seguridad que conllevan a Spectre en Linux, se han desarrollado nuevos errores y sobre todo nuevas variantes.

Para aquellos lectores que desconocen de esta vulnerabilidad les puedo comentar que Spectre es una vulnerabilidad que afecta a los microprocesadores modernos que utilizan predicción de saltos.

En la mayoría de los procesadores, la ejecución especulativa que surge de un fallo de la predicción puede dejar efectos observables colaterales que pueden revelar información privada a un atacante.
https://blog.desdelinux.net/debian-lanzo-actualizaciones-de-seguridad-contra-spectre-v4-y-v3a/
#Ñ #seguridad #gnu #linux #gnulinux
Debian lanzo actualizaciones de seguridad contra Spectre V4 y V3a


 

#Debian lanzo actualizaciones de seguridad contra Spectre V4 y V3a



Como se dio a conocer hace ya bastante tiempo los problemas de seguridad relacionados con Spectre el cual ha dado mucho de qué hablar durante estos meses.

Aun que se han venido solucionando muchos de los errores de seguridad que conllevan a Spectre en Linux, se han desarrollado nuevos errores y sobre todo nuevas variantes.

Para aquellos lectores que desconocen de esta vulnerabilidad les puedo comentar que Spectre es una vulnerabilidad que afecta a los microprocesadores modernos que utilizan predicción de saltos.

En la mayoría de los procesadores, la ejecución especulativa que surge de un fallo de la predicción puede dejar efectos observables colaterales que pueden revelar información privada a un atacante.
https://blog.desdelinux.net/debian-lanzo-actualizaciones-de-seguridad-contra-spectre-v4-y-v3a/
#Ñ #seguridad #gnu #linux #gnulinux
Debian lanzo actualizaciones de seguridad contra Spectre V4 y V3a


 

En esta web listan todos los juegos compatibles con Steam Play que puedes jugar en Linux sin problemas



Hace poco les contamos sobre el nuevo Steam Play, una novedad de Valve para aumentar la compatibilidad de videojuegos en Linux. Es básicamente una versión modificada de Wine que permite desde ya jugar juegos hechos para Windows en Linux sin necesidad de instalar nada adicional.

Proton es su nombre, y es un proyecto de código abierto que se encuentra actualmente en beta abierta. Con su lanzamiento Steam dio una lista de 27 juegos que funcionan bien con Proton y que recomiendan para probar, pero la comunidad ya tiene su propia lista, una en la que se han reportados más de 4000 juegos hasta la fecha y más de 2000 de ellos funcionan bien con este método.
https://www.genbeta.com/linux/esta-web-listan-todos-juegos-compatibles-steam-play-que-puedes-jugar-linux-problemas
#gnu #linux #gnulinux #Ñ


 

En esta web listan todos los juegos compatibles con Steam Play que puedes jugar en Linux sin problemas



Hace poco les contamos sobre el nuevo Steam Play, una novedad de Valve para aumentar la compatibilidad de videojuegos en Linux. Es básicamente una versión modificada de Wine que permite desde ya jugar juegos hechos para Windows en Linux sin necesidad de instalar nada adicional.

Proton es su nombre, y es un proyecto de código abierto que se encuentra actualmente en beta abierta. Con su lanzamiento Steam dio una lista de 27 juegos que funcionan bien con Proton y que recomiendan para probar, pero la comunidad ya tiene su propia lista, una en la que se han reportados más de 4000 juegos hasta la fecha y más de 2000 de ellos funcionan bien con este método.
https://www.genbeta.com/linux/esta-web-listan-todos-juegos-compatibles-steam-play-que-puedes-jugar-linux-problemas
#gnu #linux #gnulinux #Ñ


 

Translators


I made a little experiment with online translators. I tested:

I. opennmt.net, an open source neural machine translation system - https://demo-pnmt.systran.net/production
II. apertium, a free/open-source machine translation platform - https://www.apertium.org
III. DeepL, which project trains artificial intelligence to understand and translate texts -
https://www.deepl.com/translator

I also tested https://www.reverso.net and https://www.tatobea.org but I found reverso.net horrible in every which way and tatobea is intended to be used only for words and phrases (sentences).

Here is a random text in Spanish I took from this post: https://diasp.org/posts/9565703

"Muchas veces pienso en la teoría de la Evolución y en que es posible su aplicación a procesos/desarrollos tecnológicos de la actualidad. A veces, es muy llamativo, como miles de procesos humanos terminan imitando a la naturaleza, ya sea de forma consciente o totalmente de forma casual e involuntaria, casi por azar. Ejemplos en nuestra historia hay muchos. Al final, nuestra se demuestra una especie de mejora constante y una evolución progresiva, que no sólo hace recordar ciertos patrones naturales; sino pareciera que no hay una vía externa acerca de un axioma irrefutable: la mejora es aquella que proviene de muchos intentos de hacer lo mismo y de aplicar la misma idea de distintas formas en donde la mejor (ya sea en términos de popularidad, recursos o -inserte su patrón aquí) logra imponerse o sobrevivir, o bien sirviendo como fuente e inspiración para los proyectos que vienen. Sin embargo, del hecho de que muchas ideas sólo algunas resulten, sean atractivas o que tengan un futuro promisorio, sólo es el resultado de un universo superior de ideas que ha fallado o ha perecido en el intento, para finalizar como meras curiosidades históricas en artículos pretenciosos como éste."

Translations:

I. https://demo-pnmt.systran.net/production

"I often think of the theory of Evolution and that it is possible to apply it to current technological processes/developments. Sometimes it is very striking, as thousands of human processes end up imitating nature, either consciously or completely, casually and involuntarily, almost by chance. Examples in our history are many. In the end, ours shows a sort of constant improvement and progressive evolution, which not only makes certain natural patterns remember; But it seems that there is no external path about an irrefutable axiom: The improvement is that comes from many attempts to do the same and apply the same idea in different ways where the best (be it in terms of popularity, resources, or - insert your pattern here) succeed in imposing or surviving, or serving as a source and inspiration for the projects that come. However, the fact that many ideas are only a few, whether attractive or having a promising future, is only the result of a superior universe of ideas that has failed or perished in the attempt, to end as mere historical curiosities in pretentious articles like this."

II. https://www.apertium.org

"Many times I think in the theory of the Evolution and in that it is possible his application to processes/technological developments of the actuality. Sometimes, it is very striking, like thousands of human processes finish imitating to the nature, already was of conscious form or totally of casual and involuntary form, almost by chance. Examples in our history there are many. At the end, ours shows a species of constant improvement and a progressive evolution, that no only does to remember some natural patterns; but it seemed that there is not an external road about an irrefutable axiom: the improvement is that that comes from of a lot of attempts to do the same and to apply the same idea of distinct forms in where the best (already was in terms of popularity, resources or -insert his pattern here) attains to impose or survive, or serving like source and inspiration for the projects that come. However, of the fact that a lot of ideas only some result, are attractive or that have a promissory future, only is the result of an upper universe of ideas that has failed or has perished in the attempt, to finalise as mere historical curiosities in pretentious articles like this."

III. https://www.deepl.com/translator

"I often think about the theory of Evolution and how it can be applied to current technological processes/developments. Sometimes, it is very striking, as thousands of human processes end up imitating nature, either consciously or totally in a casual and involuntary way, almost by chance. There are many examples in our history. In the end, our is shown to be a kind of constant improvement and progressive evolution, which not only reminds us of certain natural patterns; but there seems to be no external way to an irrefutable axiom: improvement is that which comes from many attempts to do the same thing and to apply the same idea in different ways where the best (either in terms of popularity, resources or - insert your pattern here -) succeeds in imposing itself or surviving, or serving as a source and inspiration for the projects to come. However, the fact that many ideas are only a few, attractive or have a promising future, is only the result of a superior universe of ideas that has failed or perished in the attempt, to end up as mere historical curiosities in pretentious articles like this one."

And from this post https://diasp.org/posts/9566042 here is how the author translated his text (typos fixed):

"Many times I think of the theory of Evolution and how much of that theory is possible to apply on processes/ technological developments at the present time. Sometimes, it is very striking, as thousands of processes done by humans end up imitating nature, either consciously or totally casually and involuntarily, by chance. There are many examples in our history. In the end, our effort shows a kind of constant improvement and a progressive evolution, which not only reminds certain natural patterns; but it seems that there is no external way about an irrefutable axiom: the improvement is the one which comes from many attempts to do the same and applying the same idea in different ways; where the best (either in terms of popularity, resources or insert your pattern here) ends to impose or survive by itself, or serving as a source and inspiration for the projects to come. However, the fact that out of many ideas only a few are attractive or have a promising future, is only the result of a larger universe of ideas that has failed or perished in the attempt, to end up as mere historical curiosities in pretentious articles like this one."

Something like opennmt translations implemented as a feature on a social media site like d* might be an additional function to consider.

#translator #translators #translate #opennmt #nmt #apertium #deepl #reverso #tatobea #hackernews #gnu #linux #gnulinux #opensource #foss #onlinetranslator #onlinetranslators


 
Intel knüpft neue Bedingungen an Microcode
https://www.pro-linux.de/news/1/26226/intel-kn%C3%BCpft-neue-bedingungen-an-microcode.html
#Achtung #News #Welt #Germany #Deutschland #GnuLinux #Debian #OpenSource #Betriessyteme #Software #Tux


 
Intel knüpft neue Bedingungen an Microcode
https://www.pro-linux.de/news/1/26226/intel-kn%C3%BCpft-neue-bedingungen-an-microcode.html
#Achtung #News #Welt #Germany #Deutschland #GnuLinux #Debian #OpenSource #Betriessyteme #Software #Tux


 

./play.it: un proyecto para la construcción de paquetes de tus juegos favoritos



Uno de los grandes mitos que puedes escuchar sobre Linux es que “En Linux no se puede utilizar para juegos” y esto es debido a que muchos de los títulos de juegos que eran lanzados para PC, no contaban con una versión para ser ejecutada en Linux.

Aun que este problema era un factor principal, esto no dejo de ser un impedimento para que se desarrollaran las diferentes herramientas que podemos encontrar hoy en día que nos permiten poder disfrutar de nuestros títulos favoritos en nuestro sistema.

Entre las herramientas mas famosas que podemos mencionar podemos encontrar a Wine de la cual algunas otras hacen uso de esta tales como PlayOnLinux o CrossOver.

Con la llegada de Steam y SteamOS el catálogo de juegos y soporte para Linux se ha incrementado a grandes pasos.

Tal es el punto de que Steam quiere que en Linux sea posible ejecutar juegos que solamente puede ser instalados en Windows sin necesidad de software adicional.

Aun que es una excelente iniciativa lo mas seguro es que utilicen bajo la capa de Steam a Wine, con lo que tendrán que hacer un gran esfuerzo o unir lazos con los desarrolladores de Wine para mejorar y pulir esta idea.

Pero este no es el punto de hoy, si bien también existen los ya famosos paquetes “Winepak” que son apoyados bajo la tecnología de los paquetes Flatpak que vienen con una capa de compatibilidad de Wine integrada.

También existe otro proyecto bastante similar, pero a diferencia de los “Winepak” este proyecto propone la construcción de paquetes que pueden ser instalados en tu distribución como si de otra aplicación se tratase.
https://blog.desdelinux.net/play-it-un-proyecto-para-la-construccion-de-paquetes-de-tus-juegos-favoritos/
#Ñ #gnu #linux #gnulinux #videojuegos #videogames #games
./play.it: un proyecto para la construcción de paquetes de tus juegos favoritos


 

./play.it: un proyecto para la construcción de paquetes de tus juegos favoritos



Uno de los grandes mitos que puedes escuchar sobre Linux es que “En Linux no se puede utilizar para juegos” y esto es debido a que muchos de los títulos de juegos que eran lanzados para PC, no contaban con una versión para ser ejecutada en Linux.

Aun que este problema era un factor principal, esto no dejo de ser un impedimento para que se desarrollaran las diferentes herramientas que podemos encontrar hoy en día que nos permiten poder disfrutar de nuestros títulos favoritos en nuestro sistema.

Entre las herramientas mas famosas que podemos mencionar podemos encontrar a Wine de la cual algunas otras hacen uso de esta tales como PlayOnLinux o CrossOver.

Con la llegada de Steam y SteamOS el catálogo de juegos y soporte para Linux se ha incrementado a grandes pasos.

Tal es el punto de que Steam quiere que en Linux sea posible ejecutar juegos que solamente puede ser instalados en Windows sin necesidad de software adicional.

Aun que es una excelente iniciativa lo mas seguro es que utilicen bajo la capa de Steam a Wine, con lo que tendrán que hacer un gran esfuerzo o unir lazos con los desarrolladores de Wine para mejorar y pulir esta idea.

Pero este no es el punto de hoy, si bien también existen los ya famosos paquetes “Winepak” que son apoyados bajo la tecnología de los paquetes Flatpak que vienen con una capa de compatibilidad de Wine integrada.

También existe otro proyecto bastante similar, pero a diferencia de los “Winepak” este proyecto propone la construcción de paquetes que pueden ser instalados en tu distribución como si de otra aplicación se tratase.
https://blog.desdelinux.net/play-it-un-proyecto-para-la-construccion-de-paquetes-de-tus-juegos-favoritos/
#Ñ #gnu #linux #gnulinux #videojuegos #videogames #games
./play.it: un proyecto para la construcción de paquetes de tus juegos favoritos


 
Why the EU hates facebook - GDPR back and forth - DSGVO hin und her - the end of Facebook Twitter Google and Co in Europe?

Why the EU hates facebook?

The politicians there are afraid that facebook can be used against them – and „Steve Bannon’s bold plan to start a populist revolution in Europe“ is already working to overthrow governments.




i think that the best way to protect private data / privacy is to:

Immagine/foto
  • not share it – not use products / platforms that disrespect privacy
  • create and use alternative technologies that respects your privacy
    • only use Free / Open Source / GPL licensed software
      • this should be taught at schools and universities – why is it NOT?
    • custom firmware
    • encrypted mail (enigmail)
    • create and use binary blob free hardware (no proprietary drivers/bbfh) (LibreBoot is a start)
      • right now the biggest challenge seems to create a completely blob free GPU
Immagine/foto

all this is completely ignored by the EU – and hence – they probably gonna miss their intended target.

It leads to interesting results – like that of the highest European court EUGH – to also blame Facebook / Google / Twitters users for the violations of the GDPR law by those companies.

result: all those companies will do is put a disclaimer on european screens and close down all facilities in Europe – so they can escape this law.

another result – if no alternatives are provided: angry users – lawyers that try to exploit it „dissuation“ „Abmahnung“.

Not only companies, registered associations and even lawyers but also courts have problems with the complexity of the GDPR law: regional court „facebook users not to blame for violations of their privacy“ EUGH: „yes they are“.

two things are for sure: it will create a lot of lawyer-jobs („great“ that’s what this world needs) and it will consume a lot of resources and time of Europeans.

Abmahnungen:


‚„Jan Albrecht („Der Vater des DSGVO“ Partei: Die Grünen) und Co. hatten gute Absichten, aber statt intelligenten nur bürokratisch-altbackene Lösungen.

Prädestiniert für Abmahner und engstirnige Prinzipienreiter. Hauptprofiteure sind wir Anwälte.“. Das sagte der Rechtsanwalt und Datenschutzexperte Prof. Niko Härting kürzlich zur DSGVO‘ (src)

Dr. jur. Thomas Schwenke, LL.M. (UoA), Dipl.FinWirt (FH), ist Rechtsanwalt in Berlin und für die Vorratsdatenspeicherung.

„Eine IP-Vorratsdatenspeicherung würde den Schutz journalistischer Quellen untergraben und damit die Pressefreiheit im Kern beschädigen. Sie würde auch Anwalts-, Arzt-, Seelsorge-, Beratungs- und andere Berufsgeheimnisse aushöhlen.“

Quelle: https://de.wikipedia.org/wiki/Vorratsdatenspeicherung#IP-Vorratsdatenspeicherung

Zuckerberg besucht die EU:


https://youtu.be/HlgkpiYa0rs







the law caused a dent in Facebook’s stock chart.

2014: OVG Schleswig: Betreiber von Facebook-Seiten haften nicht für Facebooks Datenschutzverstöße – Rechtliche Stolperfallen im Facebook Marketing Teil 16


Ich begrüße die Entscheidung. Erstens, da die Nutzer entlastet wurden und zweitens, da es nicht eindeutig ist, ob die Datenerhebung durch Facebook rechtswidrig ist.

Allerdings ist es schwer, direkt gegen Facebook vorzugehen, da dessen europäischer Sitz sich in Irland befindet und daher die irischen Datenschutzbehörden zuständig sind (was jedoch auch umstritten ist).

(src)

2018: Betreiber von Facebook-Seiten für Facebooks (potentielle) Datenschutzverstöße mithaften


„Der Europäische Gerichtshof hat entschieden, dass Betreiber von Facebook-Seiten für Facebooks (potentielle) Datenschutzverstöße mithaften (EuGH, Urteil vom 05.06.2018, Az. C-210/16, Pressemitteilung).



Die Entscheidung bezieht sich zwar nur auf Facebook, ist aber m.E. auf alle Dienste oder Tools übertragbar. Seien es Twitter- oder Instagram-Profile, Google-Maps-Einträge oder Embedding von Videos. D.h. bei all diesen Diensten haften Sie für etwaige Datenschutzverstöße mit.“ (EUGH-Urteil)

Links:





https://ct.de/dsgvo18

https://www.heise.de/ct/ausgabe/2018-11-Die-Umsetzung-der-DSGVO-Vorgaben-laeuft-nicht-rund-4039713.html?wt_mc=print.ct.2018.11.76#zsdb-article-links

webserver iplogs illegal? fail2ban / DDoS protection / webstatistics all rely on those logs

https://www.ctrl.blog/entry/gdpr-web-server-logs

https://datenschutz-generator.de/

\#linux #gnu #gnulinux #opensource #administration #sysops #privacy #facebook #google #twitter #gdpr #dsgvo #freesoftware #gpl #bannon #trump
Quelle: https://dwaves.org/2018/08/23/why-the-eu-hates-facebook-gdpr-back-and-forth-dsgvo-hin-und-her-the-end-of-facebook-twitter-google-and-co-in-europe/
Why the EU hates facebook – GDPR back and forth – DSGVO hin und her – the end of Facebook Twitter Google and Co in Europe?


 
Why the EU hates facebook - GDPR back and forth - DSGVO hin und her - the end of Facebook Twitter Google and Co in Europe?

Why the EU hates facebook?

The politicians there are afraid that facebook can be used against them – and „Steve Bannon’s bold plan to start a populist revolution in Europe“ is already working to overthrow governments.




i think that the best way to protect private data / privacy is to:

Immagine/foto
  • not share it – not use products / platforms that disrespect privacy
  • create and use alternative technologies that respects your privacy
    • only use Free / Open Source / GPL licensed software
      • this should be taught at schools and universities – why is it NOT?
    • custom firmware
    • encrypted mail (enigmail)
    • create and use binary blob free hardware (no proprietary drivers/bbfh) (LibreBoot is a start)
      • right now the biggest challenge seems to create a completely blob free GPU
Immagine/foto

all this is completely ignored by the EU – and hence – they probably gonna miss their intended target.

It leads to interesting results – like that of the highest European court EUGH – to also blame Facebook / Google / Twitters users for the violations of the GDPR law by those companies.

result: all those companies will do is put a disclaimer on european screens and close down all facilities in Europe – so they can escape this law.

another result – if no alternatives are provided: angry users – lawyers that try to exploit it „dissuation“ „Abmahnung“.

Not only companies, registered associations and even lawyers but also courts have problems with the complexity of the GDPR law: regional court „facebook users not to blame for violations of their privacy“ EUGH: „yes they are“.

two things are for sure: it will create a lot of lawyer-jobs („great“ that’s what this world needs) and it will consume a lot of resources and time of Europeans.

Abmahnungen:


‚„Jan Albrecht („Der Vater des DSGVO“ Partei: Die Grünen) und Co. hatten gute Absichten, aber statt intelligenten nur bürokratisch-altbackene Lösungen.

Prädestiniert für Abmahner und engstirnige Prinzipienreiter. Hauptprofiteure sind wir Anwälte.“. Das sagte der Rechtsanwalt und Datenschutzexperte Prof. Niko Härting kürzlich zur DSGVO‘ (src)

Dr. jur. Thomas Schwenke, LL.M. (UoA), Dipl.FinWirt (FH), ist Rechtsanwalt in Berlin und für die Vorratsdatenspeicherung.

„Eine IP-Vorratsdatenspeicherung würde den Schutz journalistischer Quellen untergraben und damit die Pressefreiheit im Kern beschädigen. Sie würde auch Anwalts-, Arzt-, Seelsorge-, Beratungs- und andere Berufsgeheimnisse aushöhlen.“

Quelle: https://de.wikipedia.org/wiki/Vorratsdatenspeicherung#IP-Vorratsdatenspeicherung

Zuckerberg besucht die EU:


https://youtu.be/HlgkpiYa0rs







the law caused a dent in Facebook’s stock chart.

2014: OVG Schleswig: Betreiber von Facebook-Seiten haften nicht für Facebooks Datenschutzverstöße – Rechtliche Stolperfallen im Facebook Marketing Teil 16


Ich begrüße die Entscheidung. Erstens, da die Nutzer entlastet wurden und zweitens, da es nicht eindeutig ist, ob die Datenerhebung durch Facebook rechtswidrig ist.

Allerdings ist es schwer, direkt gegen Facebook vorzugehen, da dessen europäischer Sitz sich in Irland befindet und daher die irischen Datenschutzbehörden zuständig sind (was jedoch auch umstritten ist).

(src)

2018: Betreiber von Facebook-Seiten für Facebooks (potentielle) Datenschutzverstöße mithaften


„Der Europäische Gerichtshof hat entschieden, dass Betreiber von Facebook-Seiten für Facebooks (potentielle) Datenschutzverstöße mithaften (EuGH, Urteil vom 05.06.2018, Az. C-210/16, Pressemitteilung).



Die Entscheidung bezieht sich zwar nur auf Facebook, ist aber m.E. auf alle Dienste oder Tools übertragbar. Seien es Twitter- oder Instagram-Profile, Google-Maps-Einträge oder Embedding von Videos. D.h. bei all diesen Diensten haften Sie für etwaige Datenschutzverstöße mit.“ (EUGH-Urteil)

Links:





https://ct.de/dsgvo18

https://www.heise.de/ct/ausgabe/2018-11-Die-Umsetzung-der-DSGVO-Vorgaben-laeuft-nicht-rund-4039713.html?wt_mc=print.ct.2018.11.76#zsdb-article-links

webserver iplogs illegal? fail2ban / DDoS protection / webstatistics all rely on those logs

https://www.ctrl.blog/entry/gdpr-web-server-logs

https://datenschutz-generator.de/

\#linux #gnu #gnulinux #opensource #administration #sysops #privacy #facebook #google #twitter #gdpr #dsgvo #freesoftware #gpl #bannon #trump
Quelle: https://dwaves.org/2018/08/23/why-the-eu-hates-facebook-gdpr-back-and-forth-dsgvo-hin-und-her-the-end-of-facebook-twitter-google-and-co-in-europe/
Why the EU hates facebook – GDPR back and forth – DSGVO hin und her – the end of Facebook Twitter Google and Co in Europe?


 

Un fallo en el TCP de Linux y #FreeBSD abre la puerta a una denegación de servicio - MuySeguridad



El investigador en seguridad finés Juha-Matti Tilli ha descubierto una vulnerabilidad en el kernel Linux que reportó a los mantenedores de dicho software y a diversas instituciones.

La vulnerabilidad hallada en Linux (CVE-2018-5390) ha recibido el nombre de SegmentSmack y se trata de un agotamiento de recursos desencadenado por una secuencia específicamente diseñada de segmentos TCP que termina siendo de procesamiento costoso para el kernel. El problema impacta a muchos usuarios de sistemas operativos Linux, ya que las versiones más afectadas son la 4.9 y la siguientes, mientras que la 4.8 y anteriores requiere de una mayor cantidad de tráfico malicioso para provocar el mismo agotamiento de los recursos.
https://www.muyseguridad.net/2018/08/08/fallo-tcp-linux-freebsd-denegacion-de-servicio/
#Ñ #seguridad #gnu #linux #gnulinux


 

Un fallo en el TCP de Linux y #FreeBSD abre la puerta a una denegación de servicio - MuySeguridad



El investigador en seguridad finés Juha-Matti Tilli ha descubierto una vulnerabilidad en el kernel Linux que reportó a los mantenedores de dicho software y a diversas instituciones.

La vulnerabilidad hallada en Linux (CVE-2018-5390) ha recibido el nombre de SegmentSmack y se trata de un agotamiento de recursos desencadenado por una secuencia específicamente diseñada de segmentos TCP que termina siendo de procesamiento costoso para el kernel. El problema impacta a muchos usuarios de sistemas operativos Linux, ya que las versiones más afectadas son la 4.9 y la siguientes, mientras que la 4.8 y anteriores requiere de una mayor cantidad de tráfico malicioso para provocar el mismo agotamiento de los recursos.
https://www.muyseguridad.net/2018/08/08/fallo-tcp-linux-freebsd-denegacion-de-servicio/
#Ñ #seguridad #gnu #linux #gnulinux


 

¿Sabias que uno de los mejores softwares de grabación y streaming es Open Source? Open Broadcaster Software (OBS) es su nombre


Es uno de los programas más usados para realizar grabaciones o trasmisiones de video por internet (streaming), se usa tanto para grabaciones caseras o incluso producciones para youtube o twitch, pues muchos creadores de contenido emplean esta herramienta de código abierto.

Para ver el artículo completo has click aquÍ




#Venezuela #Latinoamerica #SoftwareLibre #GNULinux #Linux #LinuxUniversoLibre #Lignux #Debian


 

¿Sabias que uno de los mejores softwares de grabación y streaming es Open Source? Open Broadcaster Software (OBS) es su nombre


Es uno de los programas más usados para realizar grabaciones o trasmisiones de video por internet (streaming), se usa tanto para grabaciones caseras o incluso producciones para youtube o twitch, pues muchos creadores de contenido emplean esta herramienta de código abierto.

Para ver el artículo completo has click aquÍ




#Venezuela #Latinoamerica #SoftwareLibre #GNULinux #Linux #LinuxUniversoLibre #Lignux #Debian


 
Immagine/foto

invidio.us


is an open source webapp. invidio.us offers an alternative front-end to YouTube

**to watch videos without G* tracking.*


https://github.com/omarroth/invidious

It says on the page: "Invidious is what YouTube should be."

https://www.reddit.com/r/SideProject/comments/8wvazc/invidous_alternative_frontend_to_youtube/

Just replace youtube.com by invidio.us:



https://www.invidio.us/watch?v=kMOWCZkU_QM

If you right click the video, there is a "Save video as" option.

The site also works without javascript.

There are add-ons available which redirect Youtube URLs to invidio.us (userscript) or replace YouTube embeds with invidio.us embeds (userscript).

#invidio.us #invidious #youtube #hooktube #google #gevil #linux #gnu #gnulinux #hackernews #security #privacy #javascript #noscript #scriptsafe #video #videos


 

#Multisystem: not yet another #liveUSB-tool, but multiple #ISO on one #USB drive :)

..nicht irgendein anderes liveUSB-tool, sondern mehrere ISO auf einem USB #stick :)


http://liveusb.info/dotclear/

And a good chance to learn/train French, no German or Englisch website :) The program itself shows up to me in English and German.
I prefer the installable Multisystem packages for Ubuntu ( http://liveusb.info/dotclear/index.php?pages/install ), instead of the live-CD.

..und guter Anlass zum Französisch lernen/üben, keine Deutsche oder Englische website :) Das Programm selbst ist dann bei mir halb Deutsch, halb Englisch. Mir ist das Multisystem-Paket für Ubuntu ( http://liveusb.info/dotclear/index.php?pages/install ) lieber als die Multisystem-live-CD.

#gnulinux #linux #windows #OS #unetbootin #pendrive #livesystem #liveboot #livelinux #ubuntu #xubuntu #windows #windows7


 
Immagine/foto
Immagine/foto
Immagine/foto
Let's start with a translation of this four years old post: https://diasp.org/posts/3834747

------------------------------------------------------------------------------------------------------------------------------------------------------

Seamonkey, Mozilla's hidden child


There is not much buzz about Seamonkey, which is not a well known browser but yet full of qualities. This is the legacy of the old Mozilla suite, which at the time included a web browser, an email client, and other things. Seamonkey is the independent resumption of this project since Mozilla devoted itself to Firefox and Thunderbird.

The software therefore consists of a Web browser equipped with Gecko, an e-mail client, an address book and an IRC client. The whole is extensible and based on modern technologies imported from other Mozilla products.

What I particularly like about Seamonkey is that the user interface is classic. In fact, it has hardly moved since the time of the Mozilla suite. We always have a menu bar and item bars that we can customize at will. The bars can be retracted and removed. Themes management is available. It is less flashy than the latest Firefox whose visual aspect frustrates me.

Seamonkey takes up in a very classical way the canons of the old Mozilla, but behind it there are modern technologies hidden and subtle evolutions like the recent Gecko engine, the synchronization of the bookmarks or the address bar which also makes searches.

Update: Recent versions do not include the IRC client (ChatZilla), but it can be installed as an extension.

-----------------------------------------------------------------------------------------------------------------------------------------------------

So far, so good... Is the project still alive? Yes!


http://www.seamonkey-project.org // Project News // July 27, 2018 // SeaMonkey 2.49.4 released

Let's give it a try!


There are downloads on the official site or there are also unofficial builds available here:
http://www.wg9s.com/comm-257/

Consider - As it says on this page: "the official Linux builds only require glibc version 2.12 (libc-2.12.so) and stdcxx version 3.4.16 (libstdc++.so.6.0.16) or later, the Linux builds provided on wg9s.com require glibc version 2.18 (libc-2.18.so) and stdcxx version 3.4.23 (libstdc++.so.6.0.23) or later."

Check:
- strings /usr/lib/x86_64-linux-gnu/libstdc++.so.6 | grep GLIBCXX

I'm not sure about Ubuntu, but on Debian Stretch it's GLIBCXX 3.4.22 atm (if I'm not mistaken the wg9s build won't work).

After downloading and extracting the file (which is around 50 MB) from seamonkey-project.org some more packages are required to get it run (after reading the error messages these were the ones I could identify):
- sudo apt install libstdc++-6-dev
- sudo apt install lib32stdc++6
- sudo apt install libgtk-3-0:i386
- sudo apt install libasound2:i386
- sudo apt install libdbus-glib-1-2:i386
- sudo apt install libxt6:i386

Seamonkey starts fine from userspace (did not work for me from /opt/seamonkey).

It looks a bit outdated but actually I don't mind as the theme can be changed anyway. Btw Seamonkey is the default browser on the distros LXLE and Puppy.

#seamonkey #browser #mozilla #gecko #thunderbird #firefox #emailclient #irc #linux #gnu #gnulinux #lxle #puppy #puppylinux #hackernews


 
Linux: Alternative Browsers - last update: 2018

update: 2018.04


PaleMoon (Mozilla code base) was just updated and released https://www.palemoon.org/releasenotes.shtml


https://en.wikipedia.org/wiki/Vivaldi_(web_browser)

Image/Photo

Vivaldi is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Opera Software co-founder and former CEO Jon Stephenson von Tetzchner and Tatsuki Tomita. The browser was officially launched on April 12, 2016.[8][9] The browser is aimed at staunch technologists, heavy Internet users, and previous Opera web browser users disgruntled by Opera’s transition from the Presto layout engine to the Blink layout engine, which removed many popular features.[8][10] Vivaldi aims to revive the old, popular features of Opera 12.[11] The browser has gained popularity since the launch of its first technical preview.[12][13] The browser has 1 million users as of January 2017.[14]

Checkout: IceCat


Image/Photo

Which browser to surf freely? #2 Independent


Image/Photo

this question immediately brings another question along:

What html rendering engine should i use? (can i trust)


A web browser engine (sometimes called layout engine or rendering engine) is a program that renders marked up content (such as HTML, XML, image files, etc.) and formatting information (such as CSS, XSL, etc.).

A layout engine is a typical component of web browsers, email clients, e-book readers, on-line help systems or other applications that require the displaying (and editing) of web content.

source: [url=https://en.wikipedia.org/wiki/Web_browser_engine]https://en.wikipedia.org/wiki/Web_browser_engine[/url]

Graphical

Image/PhotoImage/PhotoImage/Photo Image/Photo

You can surf netsurf’s source-code here: http://www.netsurf-browser.org/downloads/source/

Text-based

Image/Photo

Historical

source: https://en.wikipedia.org/wiki/List_of_layout_engines

General information


Basic general information about the engines.

EngineDeveloper(s)Software licenseLeading applicationTarget application(s)Programming languageBlink[note 1]Google, Opera, Samsung, Intel, others[2]GNU LGPL, BSD-styleGoogle ChromeGoogle Chrome & Opera from 15.0C++DilloDillo developersGNU LGPLDilloDilloCEdgeHTML[note 2]MicrosoftProprietaryEdgeEdgeC++[3]GeckoNetscape/Mozilla FoundationMPLMozilla FirefoxMozilla Firefox & Mozilla ThunderbirdC++Goanna[note 3]Moonchild ProductionsMPLPale MoonPale Moon & FossaMailC++GtkHTML[note 4]GNOMEGNU LGPLNovell EvolutionNovell EvolutionCHubbubAndrew SidwellMIT[4]NetSurfNetSurfCiCab[note 4]Alexander ClaussProprietaryiCabiCab?KHTMLKDEGNU LGPLKonquerorKonqueror & KMailC++NetFrontAccess Co.ProprietaryNetFrontNetFront?PrestoOpera SoftwareProprietaryOperaOpera[note 5]C++[5]PrinceYesLogic Pty LtdProprietaryPrincePrince (formerly called Prince XML)MercuryTasman[note 4]MicrosoftProprietaryMicrosoft EntourageInternet Explorer for Mac & Microsoft Entourage?The Bat!RitlabsProprietaryThe Bat!The Bat!DelphiTrident[note 4]MicrosoftProprietaryInternet ExplorerInternet ExplorerC++[6]ServoMozilla FoundationMPLRustWebKit[note 6]Apple, KDE, Nokia, BlackBerry, Palm, othersGNU LGPL, BSD-styleApple SafariApple SafariC++XEPRenderXProprietaryXEPXEPJavasource: https://en.wikipedia.org/wiki/Comparison_of_web_browser_engines

Google translated transcript of: http://www.edeation.fr/surfer-librement-les-navigateurs-independants/

Posted November 17, 2014 in Internet / mail , security / privacy and tagged browser by edeation . | Leave a comment

I spoke last week of derivatives free browsers to surf freely on the internet. Here today following withindependent browsers.

We start with QupZilla, light free Web browser (licensed under GPLv3) and cross-platform for the general public.

QupZilla offers extensive integration in standard desktop environments, without neglecting the customization options (many themes available).

In short, it was developed in the idea that „light“ does not necessarily mean „lack of features„.

Screenshots


Image/Photo

Image/Photo

Install

apt-get install qupzilla; # install qupzillaAbout QupZilla


QupZilla is a new and very fast QtWebEngine browser.

QtWebEngine integrates Chromium’s fast moving web capabilities into Qt. So it’s the same codebase as Sware Iron and Google Chrome.

You could checkout it’s 10Gbytes of source-code here: [url=https://chromium.googlesource.com/chromium/src.git]https://chromium.googlesource.com/chromium/src.git[/url]

Don’t expect it to play Youtube. If you wanna watch Youtube you could download any video with jdownloader.org

It aims to be a lightweight web browser available through all major platforms.

This project has been originally started only for educational purposes. But from its start, QupZilla has grown into a feature-rich browser.

QupZilla has all standard functions you expect from a web browser. It includes bookmarks, history (both also in sidebar) and tabs. Above that, it has by default enabled blocking ads with a built-in AdBlock plugin.

History


The very first version of QupZilla has been released in December 2010 and it was written in Python with PyQt4 bindings. After a few versions, QupZilla has been completely rewritten in C++ with the Qt Framework.

The Windows version of QupZilla was compiled using MingW, but due to a huge problem with Flash, it is now compiled with Microsoft Visual C++ Compiler 2008. First public release was 1.0.0-b4.

Until version 2.0, QupZilla was using QtWebKit. QtWebKit is now deprecated and new versions are using QtWebEngine.

Who creates QupZilla?


Image/Photo
David Rosca (nowrep)

Project owner and main developer, Student at FIT CTU

IRC: nowrep (irc.freenode.net)
E-mail: nowrep at gmail dot com
Jabber/XMPP: drosca@kdetalk.net

Apart from coding, others are contributing also by making translations or supporting QupZilla. Full list of contributors can be found here [at github].
You can also join IRC channel \#qupzilla at irc.freenode.net to chat with people involved in QupZilla.

More on that: http://dwaves.de/2016/02/16/alternative-browser-for-linux-qupzilla/

More Private, Right?


Another common assumption is that Chromium is not under Google’s direct control and so offers better privacy from intrusions such as those recently revealed on the part of the National Security Agency.

„I would say that is still an open-ended question,“ Paul B. Hill ([url=http://systemexperts.com]http://systemexperts.com)[/url] said. „You are giving developers less information when you are using Chromium. If you go to the Chrome store in Chromium, it is hard to say what additional tracking you are providing.“

The bigger risk is if you use Chromium and plug it into Google services like Gmail. If, from within Chromium, you do the sign-in authentication and do your Web browsing, you are probably providing just as much tracking information to Google as if you were running Chrome itself, according to Hill.

„That is where the developers get the majority of information from users,“ he explained. „It is not necessarily limited to any IP code in the Chrome browser itself.“

Chromium Alternatives


Users who really want to avoid as much tracking as possible would be better off using one of the Chromium derivatives or Linux distros that use tweaked versions of the Chromium browser that specifically address that ad-tracking feature and related information-gathering issues, suggested Hill.

Another advantage of this alternative-browser approach is additional security evaluations. For example, with some of these Chromium-based browsers, every time the Chromium community releases a new version, the smaller developer communities actually will evaluate the additional code.

That leads to decisions on whether or not to include the newer releases in these other third-party derivative browsers. This could have an impact on privacy and tracking that might not otherwise arise with either the Chromium core project or Google Chrome.

source: http://www.linuxinsider.com/story/79510.html

Dooble is itself a browser that focuses on privacy and user safety.

Another strong point is its universality, since Dooble currently available for FreeBSD, Linux, OS X and Windows.

Moreover, Dooble is in principle compatible with any operating system where Qt is available.

Konqueror

is a web browser and a free file manager free KDE desktop environment.

It can also display the contents of an FTP server, allowing to browse the local network and view files.

It uses KHTML rendering engine as the pages, which meets the HTML standards.

It supports JavaScript, Java applets, the CSS, SSL and other standards, as well as flash animations and video streaming.

For information this engine was taken over by Apple in its Safari browser.

Midori is a Japanese free browser that aims to be lightweight and fast.

It uses an interface based on the toolkit GTK + 2 and the rendering engine WebKitGTK + Web pages (a port of WebKit).

It has tabbed browsing (and easily Reorderable minimisables, with the option to display them vertically), a session management, management of bookmarks hierarchically by folders, the ability to search directly from the address bar (with a list of search engines), an auto-completion that shows real-time suggestions, search the page during data entry, a spell checker, a support scripts and styles, a support for Bookmarks scripted (bookmarklets), a cookie manager, a tool to selectively clean personal data (cookies …), in short, everything that makes a complete modern browser.

In the same vein, Kazehakase is another Japanese multilingual browser for Linux with GTK + 2 interface. It uses Gecko HTML rendering engine. However, the authors consider the possibility of using other renderers like GtkHTML, Dillo or w3m. Since version 0.4.5 release in early April 2007, Kazehakase may, on an experimental basis, rely on GTK + WebCore. And for information, it is the default browser shipped on the GNU / Linux Fluxbuntu.

Luakit is, as its name suggests, a browser based on Webkit lua. Configuration files allow to add features (for being a little unfamiliar with lua), allowing it to be fast and lightweight default. Its extreme modularity can also be fully manage the keyboard in vim mode.

K-Meleon is a free browser designed for various Microsoft Windows operating systems and using the Gecko engine to display pages. Its originality is that it is usable with only 32 MB of RAM while supporting the tabbed browsing. Light as a feather!

BlueLightCat is another fast and lightweight browser, but nevertheless complete with tabbed browsing, a private mode browsing, ad blocker, etc.

This is actually a fork of Arora, now developed into independence.

This list does not claim to be exhaustive but I think it gives a good state of market places at the end of 2014.

Note that I have not spoken minimalist browsers such as Lynx, Links, Links2, or Dillo w3m, which are not strictly speaking mainstream browsers, but browsers in ultra-light mode for text developer or obsolete equipment.

Hv3 Web Browser

http://www.freesoftwaremagazine.com/articles/h3v_web_browser_it_dillo_killer






Lightweight Web Browsers: Do we need Flash and JavaScript?

Netsurf : Hv3 : Dillo : Links2


Nowadays the real lightweight web browsers are those without JavaScript and Flash support or with a very limited one.

Because a web browser even with the lightest interface becomes heavyweight working with the modern internet crammed with scripts and multimedia.

These browsers are not numerous and some of them are moving towards getting JavaScript support – i.e. towards dropping out of the „Lightweight web browsers“ category.

Lightweight web browsers may be more advanced – with CSS support.

Or less – no CSS support or close to that.

source: [url=http://www.kompx.com/en/lightweight-web-browsers-for-linux.htm]http://www.kompx.com/en/lightweight-web-browsers-for-linux.htm[/url]

What is in the repository?


i searched the apt cache:

[cc lang=“bash“ escaped=“true“ width=“600″]

apt-cache search browser|grep web > ./temp/apt-cache-search_browser_web.txt; # manual sort:

==== webbrowsers:
qupzilla – lightweight web browser based on libqtwebkit

hv3 – Lightweight web browser

xombrero – minimalist web browser

surf – Simple web browser by suckless community

edbrowse – /bin/ed-alike webbrowser written in C

dillo – Small and fast web browser

conkeror – keyboard focused web browser with Emacs look and feel

arora – simple cross platform web browser

epiphany-browser – Intuitive GNOME web browser

hbro – minimal KISS-compliant web browser

jd – simple browser for „2ch-style“ web forum sites

konqueror (default KDE browser) – advanced file manager, web browser and document viewer
konq-plugins – plugins for Konqueror, the KDE file/web/document browser

netsurf-common – small web browser with CSS support common files
netsurf-fb – small web browser with CSS support for framebuffers
netsurf-gtk – small web browser with CSS support for GTK

==== web editors:
bluefish – advanced Gtk+ text editor for web and software development

==== other web related stuff:

xul-ext-adblock-plus – advertisement blocking extension for web browsers

libjs-angularjs – lets you write client-side web applications as if you had a smarter browser

garmin-plugin – browser plugin for communication with the fitness websites

gurlchecker – graphical websites checker

libghc-webkit-dev – Binding to the Webkit library
libghc-webkit-doc – Binding to the Webkit library; documentation

libhttpunit-java – automated web site testing toolkit

httrack – Copy websites to your computer (Offline browser)

webhttrack – Copy websites to your computer, httrack with a Web interface

jscommunicator-web-phone – Basic SIP video-phone web page using WebRTC

jwchat – full featured, web-based Jabber chat client

libphp-snoopy – Snoopy is a PHP class that simulates a web browser

man2html – browse man pages in your web browser

ntop – display network usage in web browser

nut-cgi – network UPS tools – web interface

libjs-openlayers – JavaScript library for displaying map data in web browsers

php-horde-webmail – Horde Groupware Webmail Edition

webalizer – web server log analysis program

webdruid – Web server log file analysis tool

zeya – web music server[/cc]

Links:


http://dwaves.de/2016/02/16/alternative-browser-for-linux-qupzilla/

http://www.linuxuser.co.uk/reviews/arora-web-browser-review

https://sourceforge.net/projects/zbrowser-linux/

https://sourceforge.net/projects/bluelightcat/

Other alternative fast / lightweight browsers: https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers

http://www.vavai.net/2010/01/7-lightweight-linux-browsers-you-may-want-to-consider-for-fast-browsing-experience/

\#linux #gnu #gnulinux #opensource #administration #sysops #alternatives #browsers #lightweight #palemoon
Quelle: http://dwaves.de/2016/02/16/linux-alternative-browsers-last-update-2018/
Linux: Alternative Browsers – last update: 2018

dwaves.de: » Linux: Alternative Browsers – last update: 2018 | dwaves.de (admin)


 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: &#35;ff6600;"><strong>From: David Woodhouse  
Date:  Sun Jan 21 2018 - 15:28:51 EST</strong></span> 
```- **Next message:**  [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html[/url]) 
- **Previous message:**  [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html[/url]) 
- **In reply to:**  [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html[/url]) 
- **Next in thread:**  [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html[/url]) 
- **Messages sorted by:** [\[ date \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601[/url]) [\[ thread \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601[/url]) [\[ subject \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601[/url]) [\[ author \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601[/url]) 

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Image/Photo

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Image/Photo

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Image/PhotoDocs & Specs
Image/PhotoSource Browser
Image/PhotoDownload
Image/PhotoFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0:      | m68k 
       - Atari            |   - atari 
       - Amiga            |   - amiga 
       - 68k Macintosh    |   - mac 
       - VME              |   - bvme6000 
                          |   - mvme147 
                          |   - mvme16x 
                          |  
     DEC Alpha            | alpha 
                          |   - generic 
                          |   - jensen 
                          |   - nautilus 
                          |  
     Sun SPARC            | sparc 
                          |   - sun4cdm 
                          |   - sun4u 
The UltraSPARC class systems fall under the sun4u identifier, 
and are supported using the sun4u set of install images. 
                          |    
     ARM and StrongARM    | arm 
                          |   - netwinder 
                          |   - riscpc 
                          |   - shark 
                          |   - lart 
                          |  
     IBM/Motorola PowerPC | powerpc 
       - CHRP             |   - chrp 
       - PowerMac         |   - powermac, new-powermac 
       - PReP             |   - prep 
       - APUS             |   - apus 
                          |  
     HP PA-RISC           | hppa 
       - PA-RISC 1.1      |   - 32 
       - PA-RISC 2.0      |   - 64 
                          | 
     Intel ia64-based     | ia64 
                          | 
     MIPS (big endian)    | mips 
       - SGI Indy/I2      |  - r4k-ip22 
                          |  
     MIPS (little endian) | mipsel 
       - DEC Decstation   |  - r4k-kn04 
                          |  - r3k-kn02 
                          |  
     IBM S/390            | s390 
                          |  - tape 
                          |  - vmrdr 
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

dwaves.de: » Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1 | dwaves.de (admin)


 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: &#35;ff6600;"><strong>From: David Woodhouse  
Date:  Sun Jan 21 2018 - 15:28:51 EST</strong></span> 
```- **Next message:**  [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html[/url]) 
- **Previous message:**  [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html[/url]) 
- **In reply to:**  [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html[/url]) 
- **Next in thread:**  [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html[/url]) 
- **Messages sorted by:** [\[ date \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601[/url]) [\[ thread \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601[/url]) [\[ subject \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601[/url]) [\[ author \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601[/url]) 

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Image/Photo

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Image/Photo

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Image/PhotoDocs & Specs
Image/PhotoSource Browser
Image/PhotoDownload
Image/PhotoFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0:      | m68k 
       - Atari            |   - atari 
       - Amiga            |   - amiga 
       - 68k Macintosh    |   - mac 
       - VME              |   - bvme6000 
                          |   - mvme147 
                          |   - mvme16x 
                          |  
     DEC Alpha            | alpha 
                          |   - generic 
                          |   - jensen 
                          |   - nautilus 
                          |  
     Sun SPARC            | sparc 
                          |   - sun4cdm 
                          |   - sun4u 
The UltraSPARC class systems fall under the sun4u identifier, 
and are supported using the sun4u set of install images. 
                          |    
     ARM and StrongARM    | arm 
                          |   - netwinder 
                          |   - riscpc 
                          |   - shark 
                          |   - lart 
                          |  
     IBM/Motorola PowerPC | powerpc 
       - CHRP             |   - chrp 
       - PowerMac         |   - powermac, new-powermac 
       - PReP             |   - prep 
       - APUS             |   - apus 
                          |  
     HP PA-RISC           | hppa 
       - PA-RISC 1.1      |   - 32 
       - PA-RISC 2.0      |   - 64 
                          | 
     Intel ia64-based     | ia64 
                          | 
     MIPS (big endian)    | mips 
       - SGI Indy/I2      |  - r4k-ip22 
                          |  
     MIPS (little endian) | mipsel 
       - DEC Decstation   |  - r4k-kn04 
                          |  - r3k-kn02 
                          |  
     IBM S/390            | s390 
                          |  - tape 
                          |  - vmrdr 
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

dwaves.de: » Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1 | dwaves.de (admin)


 
Spectre and Meltdown - Linus Torvalds infuriated by Intel insanity - Open CPU and rise of RISC? RISCV - hifive1

Update: 2018.07 – it’s getting worse – steal bytes WITHOUT RUNNING ANY CODE


this attack is SUPER SLOW but it could steal arbitrary Bytes (how many bytes are one root password? (well yes you would to have to know in advance where exactly the root password is in memory and then it is probably (hopefully) not in an unencrypted state but in an sha512sum hashed/encrypted state) from routers and servers WITHOUT RUNNING ANY CODE on the system itself?

https://misc0110.net/web/files/netspectre.pdf

mirror: netspectre.pdf

src: https://www.heise.de//security/meldung/NetSpectre-liest-RAM-via-Netzwerk-aus-4121831.html?wt_mc=nl.heisec-summary.2018-07-30

another reason, why JavaScript should be avoided in WebDevelopment


(this will hit the AngularJS, JQuery and NoScript guys BADLY, Richard Stallmann is right.)

Websites should get rid of JavaScript all together – if a website does not work – with NoScript turned on – it sucks.

https://vvdveen.com/publications/dimva2018.pdf

mirror: GuardION – Practical Mitigation of DMA-based – Rowhammer Attacks on ARM – Vrije Universiteit Amsterdam.pdf

Hello \#Firefox, this is \#Meltdown. And these are your passwords.


… intel, i think you just broke the internet.




src: https://github.com/IAIK/meltdown

Update: Android and ARM affected – iPhones too?


„Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector“

Paper on RowHammer: https://gruss.cc/files/rowhammerjs.pdf

mirror download for paper: Paper on Rowhammer.js – A Remote Software-Induced Fault Attack in JavaScript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology Austria – rowhammerjs.pdf

Doesn’t this sound great?

I wonder when i can install the first JavaScript based exploit on my website X-D and connecting an ARM-based SmartPhone to the internet becomes equally dangerous than an non-updated Windows 7 or Windows XP. (you can count down 10 seconds until the first virus is remotely installed)

2015: RowHammer.js (src)

„it’s a piece of JavaScript code that can escape a web browser’s security sandbox and gain access to the physical memory of your computer.“

„Insanity: doing the same thing over and over again and expecting different results.“
Albert Einstein – Who did not live long enough to see Rowhammer

ccc 2015:

https://media.ccc.de/v/32c3-7197-rowhammer_js_root_privileges_for_web_apps

Google is downplaying the problem.

the paper continues:

„Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.

Since hardware-level mitigations cannot be backported, a search for software defenses is pressing.

Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping

all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.

To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks – the main attack vector on mobile devices – by isolating DMA buffers with guard rows.

We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average).

We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.“

src: https://vvdveen.com/publications/dimva2018.pdf

Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation


risc v is very new: https://wiki.debian.org/InstallingDebianOn/SiFive/HiFiveUnleashed

buy here: [url=https://www.crowdsupply.com/sifive/hifive1]https://www.crowdsupply.com/sifive/hifive1[/url]

why no ethernet port per default? Freedom U540

https://youtu.be/RCQqDdK4Hkw
<span style="color: &#35;ff6600;"><strong>From: David Woodhouse  
Date:  Sun Jan 21 2018 - 15:28:51 EST</strong></span> 
```- **Next message:**  [ulrik . debie-os: „Re: \[PATCH\] Input: trackpoint – force 3 buttons if 0 button is reported“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04602.html[/url]) 
- **Previous message:**  [David Lechner: „\[PATCH\] mmc: davinci: suppress error message on EPROBE\_DEFER“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04600.html[/url]) 
- **In reply to:**  [Andy Lutomirski: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06508.html[/url]) 
- **Next in thread:**  [Linus Torvalds: „Re: \[RFC 09/10\] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation“]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html[/url]) 
- **Messages sorted by:** [\[ date \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/date.html&#35;04601[/url]) [\[ thread \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/index.html&#35;04601[/url]) [\[ subject \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/subject.html&#35;04601[/url]) [\[ author \]]([url=http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601]http://lkml.iu.edu/hypermail/linux/kernel/1801.2/author.html&#35;04601[/url]) 

- - - - - -

On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
> All of this is pure garbage.
>
> Is Intel really planning on making this shit architectural? Has
> anybody talked to them and told them they are f*cking insane?
>
> Please, any Intel engineers here - talk to your managers.Â


If the alternative was a two-decade product recall and [color="#ff0000"]giving everyone[/color]
[color="#ff0000"] free CPUs, I'm not sure it was entirely insane.[/color]

Certainly it's a nasty hack, but hey â the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

```my comment: that is exactly what Intel OUGHT to do: recall all CPUs of the last 20 years.

IMHO the „motive“ of intel/AMD is pretty clear: „yes we admit our product is flawed – we try to give you a choice: flip the IBRS_ALL bit and get a 20% speed penalty but (probably) fix the security whole. Or leave the whole wide open because your infrastructure is physically shielded against intruders and NOT connected to the internet.“

Another possibility: fire their managers close down and start over under a new name with a new design and a hacking team that tries to constantly break things?

That would be the clean thing to do to save their economic asses uh i mean assets.

But that will not be enough: Intel / AMD / CPU and Hardware manufacturer: To avoid future mistakes follow the UNIX philosophy: 1. Simplify 2. Simplify 3. Simplify – everything.

Even Dr Sheldon Cooper or Einstein makes mistakes: Complexity is THE ENEMY in this game for perfection. (that only god and/or nobody can achieve, check out the „perfect software“ paradigm)

if you don’t believe me, you might believe: McIlroy:
Image/Photo

src: https://homepage.cs.uri.edu/~thenry/resources/unix_art/ch01s07.html

„We used to sit around in the Unix Room saying, ‚What can we throw out? Why is there this option?‘

It’s often because there is some deficiency in the basic design — you didn’t really hit the right design point.

Instead of adding an option, think about what was forcing you to add that option.“

Never the less errors will be made: If architectural / design errors surface that can not be fixed by software – there should be some kind of recall mechanism, but this is expensive for the producer, so what probably happens is: Make the customer / re-seller bear the risk: If you want to run a Intel based computer, you will have to agree to some disclaimer like on software:

„THIS CPU IS SOLD „AS IS“ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
You are solely responsible for determining the appropriateness of using or redistributing this CPU and assume any risks associated with Your exercise of permissions under this License.“

Means: We don’t know if we just sold you a bunch of crap technology with unfixable security wholes – because this product is so complex – we kind of lost control over it’s quality – so all risk is on YOU!

That is just how mankind is: Apes with complex technology and technology dependent lifestyles that could get out of hand if no learning curve existed: so simplify, simplify, simplify!

Let’s just hope your lifestyle has no unfixable security problems.

Even worse: The monetary system actually might „encourage“ to repeat mistakes such as war – because it is good money for the „hardware“ (weapons) manufacturers.

And that is exactly what Intel will do: Save it’s ass – despite the flood (32 and more) lawsuits.

So Intel tries to sell it’s fix as „security“ and will not compensate the damaged datacenter owners – which probably are forced to rebuy, rebuy, rebuy Intel’s new CPU or go to an alternative CPU manufacturer that does not have this trouble (is there still one? Apple gave up on that… MISTAKE! another reason why monoculture sucks – not only in farming and nature).

Look at traffic: You could go by train, by car or by bus or by airplane or bicycle or horse or elephant or soon: DroneTaxi or or simply: walk.

There are basically completely different „methods“ of doing the same thing: travel distances and/or transport stuff.

And thus provide redundancy for the: travel/transport problem.

But redundancy costs money… repeating mistakes does too.

Oracle SPARC has the same problems.

This could be THE CHANCE for alternative CPU manufactureres and maybe even: Open Hardware?


Image/Photo

„The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre“

„Until recently, RISC-V hadn’t seen much adoption in industry, but, in the past two years, Nvidia and Western Digital both announced that they would be adopting RISC-V CPUs. In light of the recent Meltdown/Spectre issue, the RISC-V foundation has released a statement on the vulnerabilities’ impact on RISC-V development.“

https://www.tomshardware.com/news/risc-v-not-vulnerable-meltdown-spectre-cpu-bugs,36231.html

https://riscv.org/

https://en.wikipedia.org/wiki/RISC-V

https://github.com/freechipsproject/rocket-chip

„As CISC raises too many verification problems, and a closed-source chip design cannot be trusted, the only solution is open-source RISC:“


openSPARC T1




OpenSPARC T1 is the open source version of the UltraSPARC T1 processor, a multi-core, 64-bit multiprocessor. The UltraSPARC T1 processor with CoolThreadstechnology was the highest-throughput and most eco-responsible processor ever created when it became available in the UltraSPARC T1 system. It was a breakthrough discovery for reducing data center energy consumption, while dramatically increasing throughput. Its 32 simultaneous processing threads, drawing about as much power as a light bulb, gave customers the best performance per watt of any processor available.

OpenSPARC T1 source components are covered under multiple open source licenses. The majority of OpenSPARC T1 source code is released under the GNU General Public License. GNU General Public License Source based on existing open source projects will continue to be available under their current licenses. Binary programs are released under a binary Software License Agreement.

Image/PhotoDocs & Specs
Image/PhotoSource Browser
Image/PhotoDownload
Image/PhotoFAQ

openSPARC T2

https://github.com/openrisc

https://github.com/riscv https://github.com/riscv/riscv-qemu

Is Open Source RISC-V Ready to Take on Intel, AMD, and ARM in the Data Center?


http://www.datacenterknowledge.com/hardware/open-source-risc-v-ready-take-intel-amd-and-arm-data-center

Open source startup SiFive introduces a single board computer running Linux on the open RISC-V architecture. Is the data center next?

costly RISC-V mainboard and CPU: https://www.crowdsupply.com/sifive/hifive-unleashed

LinuxGizmos.com:“Aside from being open source and customizable, one of the main benefits of RISC-V is that it is fully modern, purpose built, and unburdened with legacy code.“

https://www.heise.de/newsticker/meldung/RISC-V-Entwickler-Board-mit-64-Bit-Chip-und-Linux-ab-Juni-3960308.html

costly dev board: https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board

… but only if we (can) buy it.

Debian supported CPU architectures:

Motorola 680x0:      | m68k 
       - Atari            |   - atari 
       - Amiga            |   - amiga 
       - 68k Macintosh    |   - mac 
       - VME              |   - bvme6000 
                          |   - mvme147 
                          |   - mvme16x 
                          |  
     DEC Alpha            | alpha 
                          |   - generic 
                          |   - jensen 
                          |   - nautilus 
                          |  
     Sun SPARC            | sparc 
                          |   - sun4cdm 
                          |   - sun4u 
The UltraSPARC class systems fall under the sun4u identifier, 
and are supported using the sun4u set of install images. 
                          |    
     ARM and StrongARM    | arm 
                          |   - netwinder 
                          |   - riscpc 
                          |   - shark 
                          |   - lart 
                          |  
     IBM/Motorola PowerPC | powerpc 
       - CHRP             |   - chrp 
       - PowerMac         |   - powermac, new-powermac 
       - PReP             |   - prep 
       - APUS             |   - apus 
                          |  
     HP PA-RISC           | hppa 
       - PA-RISC 1.1      |   - 32 
       - PA-RISC 2.0      |   - 64 
                          | 
     Intel ia64-based     | ia64 
                          | 
     MIPS (big endian)    | mips 
       - SGI Indy/I2      |  - r4k-ip22 
                          |  
     MIPS (little endian) | mipsel 
       - DEC Decstation   |  - r4k-kn04 
                          |  - r3k-kn02 
                          |  
     IBM S/390            | s390 
                          |  - tape 
                          |  - vmrdr 
```… the mail continues:


As a hack for existing CPUs, it's just about tolerable â as long as it
can die entirely by the next generation.


So the part is I think is odd is the IBRS_ALL feature, where a future
CPU will advertise "I am able to be not broken" and then you have to
set the IBRS bit once at boot time to ask it not to be broken. That
part is weird, because it ought to have been treated like the RDCL_NO
bit â just "you don't have to worry any more, it got better".

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

``````
We do need the IBPB feature to complete the protection that retpoline
gives us â it's that or rebuild all of userspace with retpoline.


We'll also want to expose IBRS to VM guests, since Windows uses it.

I think we could probably live without the IBRS frobbing in our own
syscall/interrupt paths, as long as we're prepared to live with the
very hypothetical holes that still exist on Skylake. Because I like
IBRS more... no, let me rephrase... I hate IBRS less than I hate the
'deepstack' and other stuff that was being proposed to make Skylake
almost safe with retpoline.
```http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04601.html

„As a programmer, it is your job to put yourself out of business. What you do today can be automated tomorrow.“

Doug McIlroy

Damn this guy is a philosopher.

\#linux #gnu #gnulinux #opensource #administration #sysops #unix #intel #spectre #meltdown #kernel #kiss #simplicity #simplify #cpu #amd #cisc #risc #rowhammer #firefox #iphone #arm #security #itsec #cybersec #cybersercurity #cyber #internetsecurity #web
Quelle: http://dwaves.de/2018/05/09/spectre-and-meltdown-linus-torvalds-infuriated-by-intel-insanity-open-cpu-and-rise-of-risc/
Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1

dwaves.de: » Spectre and Meltdown – Linus Torvalds infuriated by Intel insanity – Open CPU and rise of RISC? RISCV – hifive1 | dwaves.de (admin)


 

Is there maybe somewhere a working instance of #hubchart?


https://github.com/pynolo/hubchart

There used to be a site but it does not work anymore.

#hubzilla #socialnetwork #linux #gnu #gnulinux #redmatrix