You are here

Agreguesi i feed

Raspberry Pi Founder Demos Touchscreen Display For DIY Kits

Slashdot.org - Mër, 22/10/2014 - 6:34md
An anonymous reader writes: Over 4 million Raspberry Pis have been sold so far, and now founder Eben Upton has shown off a touchscreen display panel that's designed to work with it. It's a 7" panel, roughly tablet sized, but slightly thicker. "With the incoming touchscreen panel The Pi Foundation is clearly hoping to keep stoking the creative fires that have helped drive sales of the Pi by slotting another piece of DIY hardware into the mix." Upton also discussed the Model A+ Raspberry Pi board — an updated version they'll be announcing soon.

Read more of this story at Slashdot.








Kubuntu: Kubuntu 14.10

Planet UBUNTU - Mër, 22/10/2014 - 6:10md

Kubuntu 14.10 is available for upgrade or install. It comes in two flavours, the stable Plasma 4 running the desktop we know from previous releases, and a tech preview of the next generation Plasma 5 for early adopters.

Shooting At Canadian Parliament

Slashdot.org - Mër, 22/10/2014 - 5:55md
CBC reports that a man pulled up to the War Memorial in downtown Ottawa, got out of his car, and shot a soldier with a rifle. The Memorial is right next to the Canadian Parliament buildings. A shooter (reportedly the same one, but unconfirmed) also approached Parliament and got inside before he was shot and killed. "Scott Walsh, who was working on Parliament Hill, said ... the man hopped over the stone fence that surrounds Parliament Hill, with his gun forcing someone out of their car. He then drove to the front doors of Parliament and fired at least two shots, Walsh said." Canadian government officials were quickly evacuated from the building, while the search continues for further suspects. This comes a day after Canada raised its domestic terrorism threat level. Most details of the situation are still unconfirmed -- CBC has live video coverage here. They have confirmed that there was a second shooting at the Rideau Center, a shopping mall nearby.

Read more of this story at Slashdot.








Shooting At Canadian Parliament

Slashdot.org - Mër, 22/10/2014 - 5:55md
CBC reports that a man pulled up to the War Memorial in downtown Ottawa, got out of his car, and shot a soldier with a rifle. The Memorial is right next to the Canadian Parliament buildings. A shooter (reportedly the same one, but unconfirmed) also approached Parliament and got inside before he was shot and killed. "Scott Walsh, who was working on Parliament Hill, said ... the man hopped over the stone fence that surrounds Parliament Hill, with his gun forcing someone out of their car. He then drove to the front doors of Parliament and fired at least two shots, Walsh said." Canadian government officials were quickly evacuated from the building, while the search continues for further suspects. This comes a day after Canada raised its domestic terrorism threat level. Most details of the situation are still unconfirmed -- CBC has live video coverage here. They have confirmed that there was a second shooting at the Rideau Center, a shopping mall nearby.

Read more of this story at Slashdot.


What It Took For SpaceX To Become a Serious Space Company

Slashdot.org - Mër, 22/10/2014 - 5:47md
An anonymous reader writes: The Atlantic has a nice profile of SpaceX's rise to prominence — how a private startup managed to successfully compete with industry giants like Boeing in just a decade of existence. "Regardless of its inspirations, the company was forced to adopt a prosaic initial goal: Make a rocket at least 10 times cheaper than is possible today. Until it can do that, neither flowers nor people can go to Mars with any economy. With rocket technology, Musk has said, "you're really left with one key parameter against which technology improvements must be judged, and that's cost." SpaceX currently charges $61.2 million per launch. Its cost-per-kilogram of cargo to low-earth orbit, $4,653, is far less than the $14,000 to $39,000 offered by its chief American competitor, the United Launch Alliance. Other providers often charge $250 to $400 million per launch; NASA pays Russia $70 million per astronaut to hitch a ride on its three-person Soyuz spacecraft. SpaceX's costs are still nowhere near low enough to change the economics of space as Musk and his investors envision, but they have a plan to do so (of which more later)."

Read more of this story at Slashdot.








Software Glitch Caused 911 Outage For 11 Million People

Slashdot.org - Mër, 22/10/2014 - 5:05md
HughPickens.com writes: Brian Fung reports at the Washington Post that earlier this year emergency services went dark for over six hours for more than 11 million people across seven states. "The outage may have gone unnoticed by some, but for the more than 6,000 people trying to reach help, April 9 may well have been the scariest time of their lives." In a 40-page report (PDF), the FCC found that an entirely preventable software error was responsible for causing 911 service to drop. "It could have been prevented. But it was not," the FCC's report reads. "The causes of this outage highlight vulnerabilities of networks as they transition from the long-familiar methods of reaching 911 to [Internet Protocol]-supported technologies." On April 9, the software responsible for assigning the identifying code to each incoming 911 call maxed out at a pre-set limit; the counter literally stopped counting at 40 million calls. As a result, the routing system stopped accepting new calls, leading to a bottleneck and a series of cascading failures elsewhere in the 911 infrastructure. Adm. David Simpson, the FCC's chief of public safety and homeland security, says having a single backup does not provide the kind of reliability that is ideal for 911. "Miami is kind of prone to hurricanes. Had a hurricane come at the same time [as the multi-state outage], we would not have had that failover, perhaps. So I think there needs to be more [distribution of 911 capabilities]."

Read more of this story at Slashdot.








Zygmunt Krynicki: Launching a process to monitor stdout, stderr and exit code reliably

Planet UBUNTU - Mër, 22/10/2014 - 4:50md
Recently I'm fixing a rather difficult bug that deals with doing one simple task reliably. Run a program and watch (i.e. intercept and process) stdout and stderr until the process terminates.
Doing this is surprisingly difficult and I was certainly caught in a few mistakes the first time I tried to do this. I recently posted a lengthy comment on the corresponding bug. It took me a few moments to carefully analyze and re-think the situation and how a reliable approach should work. Non the less I am only human and I certainly have made my set of mistakes.
Below is the reproduction for my current approach. The implementation is still in progress but it seems to work (I need to implement the termination phase of non-kill-able processes and switch to fully non-blocking I/O). So far I've used epoll(7) and signalfd(7). I'm still planning to use timerfd_create(2) for the timer, perhaps with CLOCK_RTC for hard wall-clock-time limit enforcement. I'll post the full, complete examples once I'm done with this but you can look at how it mostly looks like today in the python-glibc git tree's demos/ directory.
I'd like to ask everyone that has experience with this part of systems engineering to poke holes in my reasoning and show how this might fail and misbehave. Thanks.
The current approach, that so far works good on all the pathological cases is to do this.The general idea is that we're in a I/O loop, using non-blocking I/O and a select-like mechanism to wait for wait for:
 - timeout (optional, new feature)
 - read side of the stdout pipe data
 - read side of the stdout pipe being closed
 - read side of the stderr pipe data
 - read side of the stderr pipe being closed
 - SIGCHLD being delivered with the intent to say that the process is deadIn general we keep looping and terminate only when the set of waited things (stdout depleted, stderr depleted, process terminated) is empty. This is not always true so see below. The action that we do on each is event is obviously different:If the timeout has elapsed we proceed to send SIGTERM, reset the timer for shutdown period, followed by SIGQUIT and another timer reset. After that we send SIGKILL. This can fail as the process may have elevated itself beyond our capabilities. This is still undecided but perhaps, at this time, we should use an elevated process manager (see below). If we fail to terminate the process special provisions apply (see below).If we have data to read we just do and process that (send to log files, process, send to .record.gz). This is a point where we can optimize the process and improve reliability in event of sudden system crash. Using more modern facilities we can implement tee in kernel space which lowers processing burden on python and, in general, makes it more likely that the log files will see actual output the process made just prior to its death.We can also use pipes in O_DIRECT (aka packet mode) here to ensure that all writes() end up as individual records, which is the indented design of the I/O log record concept. This won't address the inherent buffering that is enabled in all programs that detect when they are redirected and no longer attached to a tty.Whenever one of the pipes is depleted (which may *never* happen, lesson learned) we just close our side.When the child dies, and this is the most important part and the actual bugfix, we do the following sequence of events:
 - if we still have stdout pipe open, read at most one PIPE_BUF. We cannot read more as the pipe may live on forever and we can just hang as we currently do. Reading one PIPE_BUF ensures that we catch the last moments of what the originally started process intended to tell us. Then we close the pipe. This will likely result in SIGPIPE in any processes that are still attached to it though we have no guarantee that it will rally kill them as that signal can be blocked.
 - if we still have stderr pipe open we follow the same logic as for stdout above.
 - we restore some signal handling that was blocked during the execution of the loop and terminate.There's one more trick up our sleeve and that is PR_SET_CHILD_SUBREAPER but I'll describe that in a separate bug report that deals with runaway processes. Think dbus-launch or anything that double-forks and demonizes
If you have any comments or ideas please post them here (wherever you are reading this), on the launchpad bug report page or via email. Thanks a lot!

Tim Janik: Apache SSLCipherSuite without POODLE

Planet GNOME - Mër, 22/10/2014 - 4:35md
In my previous post Forward Secrecy Encryption for Apache, I’ve described an Apache SSLCipherSuite setup to support forward secrecy which allowed TLS 1.0 and up, avoided SSLv2 but included SSLv3. With the new PODDLE attack (Padding Oracle On Downgraded Legacy Encryption), SSLv3 (and earlier versions) should generally be avoided. Which means the cipher configurations discussed [...]

Windows 0-Day Exploited In Ongoing Attacks

Slashdot.org - Mër, 22/10/2014 - 4:23md
An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.

Read more of this story at Slashdot.








DHS Investigates 24 Potentially Lethal IoT Medical Devices

Slashdot.org - Mër, 22/10/2014 - 3:39md
An anonymous reader writes: In the wake of the U.S. Food and Drug Administration's recent recommendations to strengthen security on net-connected medical devices, the Department of Homeland Security is launching an investigation into 24 cases of potential cybersecurity vulnerabilities in hospital equipment and personal medical devices. Independent security researcher Billy Rios submitted proof-of-concept evidence to the FDA indicating that it would be possible for a hacker to force infusion pumps to fatally overdose a patient. Though the complete range of devices under investigation has not been disclosed, it is reported that one of them is an "implantable heart device." William Maisel, chief scientist at the FDA's Center for Devices and Radiological Health, said, "The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too."

Read more of this story at Slashdot.








Hungary To Tax Internet Traffic

Slashdot.org - Mër, 22/10/2014 - 2:57md
An anonymous reader writes: The Hungarian government has announced a new tax on internet traffic: 150 HUF ($0.62 USD) per gigabyte. In Hungary, a monthly internet subscription costs around 4,000-10,000 HUF ($17-$41), so it could really put a constraint on different service providers, especially for streaming media. This kind of tax could set back the country's technological development by some 20 years — to the pre-internet age. As a side note, the Hungarian government's budget is running at a serious deficit. The internet tax is officially expected to bring in about 20 billion HUF in income, though a quick look at the BIX (Budapest Internet Exchange) and a bit of math suggests a better estimate of the income would probably be an order of magnitude higher.

Read more of this story at Slashdot.








Ubuntu LoCo Council: Regular LoCo Council Meeting for 21 October 2014

Planet UBUNTU - Mër, 22/10/2014 - 2:45md

Meeting information

#ubuntu-meeting: Regular LoCo Council Meeting for October 2014, 21 Oct at 20:00 — 21:33 UTC
Full logs at http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-10-21-20.00.log.html
Meeting summary

Opening Business

The discussion about “Opening Business” started at 20:00.

Listing of Sitting Members of LoCo Council (20:00)
For the avoidance of uncertainty and doubt, it is necessary to list the members of the council who are presently serving active terms.
Marcos Costales, term expiring 2015-04-16
Jose Antonio Rey, term expiring 2015-10-04
Pablo Rubianes, term expiring 2015-04-16
Sergio Meneses, term expiring 2015-10-04
Stephen Michael Kellat, term expiring 2015-10-04
There is currently one vacant seat on LoCo Council
Roll Call (20:00)
Vote: LoCo Council Roll Call (All Members Present To Vote In Favor To Register Attendance) (Carried)
Re-Verification: France

The discussion about “Re-Verification: France” started at 20:03.

Vote: That the re-verification application of France be approved and that the period of verification be extended for a period of two years from this date. (Carried)
Update on open cases before the LoCo Council

The discussion about “Update on open cases before the LoCo Council” started at 20:19.

LoCo Council presently has before it pending verification and re-verification proceedings for the following LoCo Teams: Mauritius, Finland, Netherlands, Peru, Russia, Serbia.
The loco-contacts thread “Our teams reject the new LoCo Council policy”

The discussion about “The loco-contacts thread ‘Our teams reject the new LoCo Council policy’” started at 20:20.

Requests from the Galician and Asturian teams

The discussion about “Requests from the Galician and Asturian teams” started at 20:59.

Vote: That the Galician Team, pursuant to their request this day, be considered an independent LoCo team notwithstanding representing less than a country. (Carried)
Vote: That the Asturian Team, pursuant to their request this day, be considered an independent LoCo Team notwithstanding representing less than a country. (Carried)
Marcos Costales, in his capacity as leader of Ubuntu Spain and as a member of LoCo Council, stood aside from both votes.
Any Other Business

The discussion about “Any Other Business” started at 21:13.

Those who have requests of the LoCo Council are advised to write to it at loco-council@lists.ubuntu.com for assistance.
Vote results

LoCo Council Roll Call (All Members Present To Vote In Favor To Register Attendance)

Motion carried (For/Against/Abstained 4/0/0)
Voters PabloRubianes, skellat, costales, SergioMeneses
That the re-verification application of France be approved and that the period of verification be extended for a period of two years from this date.

Motion carried (For/Against/Abstained 4/0/0)
Voters PabloRubianes, skellat, costales, SergioMeneses
That the Galician Team, pursuant to their request this day, be considered an independent LoCo team notwithstanding representing less than a country.

Motion carried (For/Against/Abstained 2/0/1)
Voters PabloRubianes, skellat, SergioMeneses
That the Asturian Team, pursuant to their request this day, be considered an independent LoCo Team notwithstanding representing less than a country.

Motion carried (For/Against/Abstained 2/0/1)
Voters PabloRubianes, skellat, SergioMeneses

Xerox Alto Source Code Released To Public

Slashdot.org - Mër, 22/10/2014 - 2:15md
zonker writes: In 1970, the Xerox Corporation established the Palo Alto Research Center (PARC) with the goal to develop an "architecture of information" and lay the groundwork for future electronic office products. The pioneering Alto project that began in 1972 invented or refined many of the fundamental hardware and software ideas upon which our modern devices are based, including raster displays, mouse pointing devices, direct-manipulation user interfaces, windows and menus, the first WYSIWYG word processor, and Ethernet. The first Altos were built as research prototypes. By the fall of 1976 PARC's research was far enough along that a Xerox product group started to design products based on their prototypes. Ultimately, ~1,500 were built and deployed throughout the Xerox Corporation, as well as at universities and other sites. The Alto was never sold as a product but its legacy served as inspiration for the future. With the permission of the Palo Alto Research Center, the Computer History Museum is pleased to make available, for non-commercial use only, snapshots of Alto source code, executables, documentation, font files, and other files from 1975 to 1987. The files are organized by the original server on which they resided at PARC that correspond to files that were restored from archive tapes. An interesting look at retro-future.

Read more of this story at Slashdot.








Konstantinos Margaritis: Eigen NEON port extended to ARMv8!

Planet Debian - Mër, 22/10/2014 - 12:44md

Soon after the VSX port, and as promised I have completed the ARMv8 NEON (a.k.a. Advanced SIMD) port. Basically this extends support to 64-bit doubles and also provides faster alternatives to division as ARMv8 has builtin instructions for division both for 32-bit floats and 64-bit doubles. Preliminary benchmarks (bench_gemm):

iPhone Encryption and the Return of the Crypto Wars

LinuxSecurity.com - Mër, 22/10/2014 - 11:46pd
LinuxSecurity.com: Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.

USB is now UEC (use with extreme caution)

LinuxSecurity.com - Mër, 22/10/2014 - 11:44pd
LinuxSecurity.com: USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.

Steve Kemp: On writing test-cases and testsuites.

Planet Debian - Mër, 22/10/2014 - 11:21pd

Last night I mostly patched my local copy of less to build and link against the PCRE regular expression library.

I've wanted to do that for a while, and reading Raymond Chen's blog post last night made me try it out.

The patch was small and pretty neat, and I'm familiar with GNU less having patched it in the past. But it doesn't contain tests.

Test cases are hard. Many programs, such as less, are used interactively which makes writing a scaffold hard. Other programs suffer from a similar fate - I'm not sure how you'd even test a web browser such as Firefox these days - mangleme would catch some things, eventually, but the interactive stuff? No clue.

In the past MySQL had a free set of test cases, but my memory is that Oracle locked them up. SQLite is famous for its decent test coverage. But off the top of my head I can't think of other things.

As a topical example there don't seem to be decent test-cases for either bash or openssl. If it compiles it works, more or less.

I did start writing some HTTP-server test cases a while back, but that was just to automate security attacks. e.g. Firing requests like:

GET /../../../etc/passwd HTTP/1.0 GET //....//....//....//etc/passwd HTTP/1.0 etc

(It's amazing how many toy HTTP server components included in projects and products don't have decent HTTP-servers.)

I could imagine that being vaguely useful, especially because it is testing the protocol-handling rather than a project-specific codebase.

Anyway, I'm thinking writing test cases for things is good, but struggling to think of a decent place to start. The project has to be:

  • Non-interactive.
  • Open source.
  • Widely used - to make it a useful contribution.
  • Not written in some fancy language.
  • Open to receiving submissions.

Comments welcome; but better yet why not think about the test-coverage of any of your own packages and projects...?

Ask Slashdot: Aging and Orphan Open Source Projects?

Slashdot.org - Mër, 22/10/2014 - 11:12pd
osage writes: Several colleagues and I have worked on an open source project for over 20 years under a corporate aegis. Though nothing like Apache, we have a sizable user community and the software is considered one of the de facto standards for what it does. The problem is that we have never been able to attract new, younger programmers, and members of the original set have been forced to find jobs elsewhere or are close to retirement. The corporation has no interest in supporting the software. Thus, in the near future, the project will lose its web site host and be devoid of its developers and maintainers. Our initial attempts to find someone to adopt the software haven't worked. We are looking for suggestions as to what course to pursue. We can't be the only open source project in this position.

Read more of this story at Slashdot.








3.12.31: longterm

Kernel Linux - Mër, 22/10/2014 - 10:09pd
Version:3.12.31 (longterm) Released:2014-10-22 Source:linux-3.12.31.tar.xz PGP Signature:linux-3.12.31.tar.sign Patch:patch-3.12.31.xz (Incremental) ChangeLog:ChangeLog-3.12.31
Kategoritë: Kernel Linux

Mattia Migliorini: Debian hangs during boot

Planet UBUNTU - Mër, 22/10/2014 - 10:05pd

This morning I came to work a hour earlier than usual. I started my work PC and waited for it to boot into Debian Jessie. And waited… waited… waited…

This sounds strange, doesn’t it? It generally boots rather quickly. In fact Debian hangs during boot with this message:

A start job is running for Create Volatile Files and Directories

Followed by a timer and no limit. You can leave it there, but it does not finish and just hangs there. So, let’s try understand the problem.

 

The problem

The problem here is quite obvious: in the previous session you updated systemd to version 215-5+b1. If you have a look at your system’s /tmp directory (you can’t do it now, but we’ll do it later for sake of knowledge), you find out that it’s bloated. Here’s the bug report.

 

The solution

Thankfully, the solution is pretty straightforward. Reboot your computer with Ctrl+Alt+Del and wait for Grub to load, then press e to edit Debian’s entry. After the line with /boot/vmlinuz... add the following:

--add rw init=/bin/bash

And press F10 to boot. Debian will load as a shell with root permissions, so you can do whatever you want (but be careful, because you can cause big issues too!

Now it’s time to check your /tmp directory:

ls -l /tmp

You should wait some minutes until it finishes, and the output may scare you. It’s bloated, as I told you before. What can you do now? Just remove and recreate it.

rm -rf /tmp mkdir /tmp chmod 1777 /tmp

Now restart your PC and check it out: Debian will boot correctly!

 

Conclusion

Is systemd ready to go towards a Debian stable release? I don’t think so. The team has to work hard to accomplish this step. So, good luck guys, and please test it a little more next time!

 

Source: Debian User Forums

The post Debian hangs during boot appeared first on deshack.

Faqet

Subscribe to AlbLinux agreguesi