GUADEC – Jupiter Broadcasting

NVIDIA open-sourced and contributed to Qt the NVIDIA DRIVE Design Studio, which is a “designer friendly 3D UI authoring system” and Qt is now releasing it with the name Qt 3D Studio.

Interview: Thomas Weissel Installing Plasma in Austrian Schools

About 34 classrooms, 2 consulting rooms, the room for teachers and one computer lab just got upgraded to a custom “distribution” based on Kubuntu and KDE neon. At least 75 teachers are going to work with the system. Most of the 700+ students are not going to touch these computers (because they are locked away) but in their 5th grade every one of them gets a live USB flash-drive in order to work with the very same system in the computer lab.

The State of Plasma

Since 2014, Plasma has kept me entertained and disappointed in equal measures. At some point, I had it crowned my favorite desktop, and then it went downhill steeply, fast, struggling to recover. Not helping was the slew of bugs and regressions across the distro space, which exacerbated the quality of Plasma and what it could show the world.

TING

Ting – mobile that makes sense

Linux 4.10 – Linux Kernel Newbies

This release adds support for Intel GVT-g for KVM (a.k.a. KVMGT), a full GPU virtualization solution with mediated pass-through, starting from 4th generation Intel Core (Haswell) processors with Intel Graphics. This feature is based on a new VFIO Mediated Device framework. Unlike direct pass-through alternatives, the mediated device framework allows KVMGT to offer a complete virtualized GPU with full GPU features to each one of the virtualized guests, with part of performance critical resources directly assigned, while still having performance close to native. The capability of running native graphics driver inside a VM, without hypervisor intervention in performance critical paths, achieves a good balance among performance, feature, and sharing capability.

GNOME 3.24 Desktop Environment Enters Beta, Final Release Is Coming March 22

GNOME 3.23.90 is now available. This is the beta release for the upcoming stable GNOME 3.24 release. At this point, we have entered feature freeze, UI freeze, and API freeze, so developers should be focused on bugfixes and stability improvements for the next month as we approach GNOME 3.24,” said Michael Catanzaro in a mailing list announcement.

Ubuntu 17.04 Will Ship with GNOME 3.24

The upcoming beta of Ubuntu GNOME 17.04 — regular Ubuntu only takes part in the second beta — will feature GNOME 3.24 Beta 1 (v3.23.90) and defaults to the latest GNOME Shell desktop.

Plasma in a Snap?

Shortly before FOSDEM, Aleix Pol asked if I had ever put Plasma in a Snap. While I was a bit perplexed by the notion itself, I also found this a rather interesting idea.

GUADEC 2017 – The GNOME Conference

GUADEC brings together Free Software Enthusiasts and professionals from all over the world. Join us for six days of talks, demos, discussion, parties, games and more.

We did it! Our AppCenter campaign was just fully funded. https://t.co/xJyr3LmABI

— elementary (@elementary) February 21, 2017

Linux Academy

Linux Academy | Linux and AWS Online Training

GPD Pocket, The 7-Inch Ubuntu Laptop is Now Live on IndieGoGo

It took the little 7-inch laptop less than 7 hours to leap over its $200,000 fixed funding goal. This means the device will (barring any hiccups) be produced.

The device is super small, measuring a teeny 7.1-inch by 4.2-inch (and standing a mere 0.7-inch tall). The GPD Pocket offers a 7-inch 1920×1200 IPS screen, pushing a pixel-popping 323 PPI. Corning Gorilla Glass 3.

Despite the diminutive proportions the unibody magnesium alloy case contains some powerful internals.

Core specs:

7-inch full-HD (1920×1200) IPS touch display
Intel Atom x7-Z8750 CPU (Quad Core) @ 1.6GHz
8GB RAM
128GB eMMC

The device does have a fan. GPD says this ‘active cooling’ means its** performance is better than the Microsoft Surface 3**, which is passively cooled.

Also:

7,000 mAh battery (12 hours battery life estimated)
802.11ac WiFi
Bluetooth 4.1
1x USB 3.0 Type-C
1x USB 3.0 Type-A
micro HDMI
3.5mm headphone jack

An option USB Type-C dock can be attached to provide an additional 2x USB 3.0 ports and an SD and microSD card reader.

The included QWERTY keyboard takes up as much room as possible, with a small pointer nub in-between a split space bar (yup, no trackpad, no palm rest).

GPD Pocket: 7.0′ UMPC-Laptop ‘Ubuntu or WIN 10 OS’ | Indiegogo

More than just thin but also small, small to fit in your pocket!

DigitalOcean

DigitalOcean: SSD Cloud Server, VPS Server, Simple Cloud Hosting

Linus Reflects on 25 Years of Releasing Linux

The post Plasma Injection | LINUX Unplugged 185 first appeared on Jupiter Broadcasting.

Android’s Leaky Sandbox | Tech Talk Today 35

chris — Wed, 30 Jul 2014 09:31:13 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

An Android flaw from 2010 allows any app to break out of the Android sandbox. But is it really a threat in practice? We’ll dig in.

The Podcast patent troll takes it on the nose, and some highlights from the Gnome development conference this week.

Direct Download:

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Android crypto blunder exposes users to highly privileged malware | Ars Technica

This is the issue in a nutshell.

The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information.

The App simply needs to claim its Adobe flash, and it gets to break out of the sandbox.

The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

Google’s Response to Ars

After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability.

The Reality of the Situation

First, a patch been sent to OEMs and AOSP, but with Android’s abysmal update situation, this is a moot point. The crux, however, lies with Google Play and Verify Apps. These have already been updated to detect this issue, and prevent applications that try to abuse this flaw from being installed. This means two things.

First, that there are no applications in Google Play that exploit this issue. If you stick to Google Play, you’re safe from this issue, period. No ifs and buts. Second, even if you install applications from outside of Google Play, you are still safe from this issue. Verify Apps is part of Play Services, and runs on every Android device from 2.3 and up. It scans every application at install and continuously during use for suspect behaviour. In this case, an application that tries to exploit this flaw will simply be blocked from installing or running.

New Android ‘Fake ID’ flaw empowers stealthy new class of super-malware

A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user’s device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010.

Android ‘supermalware’ can impersonate any app- The Inquirer

The vulnerability in the Android code that allows “Fake ID” in was first noticed in the now dormant Adobe Flash integration, which had been present since 2010 and was only patched with the arrival of Android 4.4 Kitkat earlier this year. The flaw is so deeply embedded in Android that it can affect all forks of the Android Open Source Project including Amazon’s Fire OS.

Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Users Since January 2010 At Risk – Bluebox Security

Dubbed “Fake ID,” the vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. This can result in a wide spectrum of consequences. For example, the vulnerability can be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM.

Old Apache Code At Root of Android FakeID Mess – Slashdot

Podcasting patent troll: We tried to drop lawsuit against Adam Carolla | Ars Technica

In a statement released today, Personal Audio says that Carolla, who has raised more than $450,000 from fans to fight the case, is wasting their money on an unnecessary lawsuit. The company, which is a “patent troll” with no business other than lawsuits, has said Carolla just doesn’t care since his fans are paying his lawyers’ bills.

Adam Carolla’s assertions that we would destroy podcasting were ludicrous on their face,” said Personal Audio CEO Brad Liddle. “But it generated sympathy from fans and ratings for his show.

According to Personal Audio, they’ve lost interest in suing podcasters because the podcasters—even one of Adam Carolla’s size—just don’t make enough money for it to care.

“[Personal Audio] was under the impression that Carolla, the self-proclaimed largest podcaster in the world, as well as certain other podcasters, were making significant money from infringing Personal Audio’s patents,” stated the company. “After the parties completed discovery, however, it became clear this was not the case.”

Personal Audio also says it has a patent covering playlists.

Personal Audio has already dropped its lawsuits against two other podcasting defendants from the case (Togi Net and How Stuff Works) apparently without getting paid anything.

The patent company is charging ahead with its patent case against the big three television networks, CBS, NBC, and ABC. Personal Audio is trying to wring a royalty from those companies for releasing video “episodic content” over the Internet.

In response, Carolla sent Ars a statement saying he’ll continue to pursue counterclaims against Personal Audio, seeking to invalidate the patent “so that Personal Audio cannot sue other podcasters for infringement of US Patent 8,112,504.” Lotzi (Carolla’s company) has already “incurred hundreds of thousands of dollars in fees and expenses to defend itself” against the Personal Audio patents.

GUADEC 2014, Day Four: Hardware, New IDE for GNOME | Fedora Magazine

The fourth day of GUADEC was devoted to hardware and its interaction with desktop. The first talk was “Hardware Integration, The GNOME Way” by Bastien Nocera who has been a contributor to GNOME and Fedora for many years.

Performance Testing on Actual Hardware

Owen Taylor talked on continuous integration performance testing on actual hardware. According to Owen, continuous performance testing is very important. It helps find performance regressions more easily because the delta between the code tested last time and the code tested now is much smaller, thus there are much fewer commits to investigate.

He noted that desktop performance testing in VMs is not very useful which is why he has several physical machines that are connected to a controller which downloads new builds of GNOME Continuous and installs them on the connected machines. The testing can be controlled by GNOME Hardware Testing app Owen has created. And what is tested?

Here are currently used metrics:

time from boot to desktop
time redraw entire empty desktop
time to show overview
time to redraw overview with 5 windows
time to show application picker
time to draw frame from test application, time to start gedit.

Tests are scripted right in the shell (javascript) and events logged with timestamp. The results are uploaded to perf.gnome.org. In the future, he’d like to have results in the graph linked to particular commits (tests are triggered after very commit), have more metrics (covering also features in apps), assemble more machines and various kinds of them (laptops, ARM devices,…).

Builder: a new IDE for GNOME

The last talk of the day was “Builder, a new IDE for GNOME” by Christian Hergert. Christian started the talk by clearly stating what Builder is not intended to be: a generic IDE (use Eclipse, Anjuta, MonoDevelop,… instead). And it most likely won’t support plugins. Builder should be an IDE specializing on GNOME development.

Here are some characteristics of Builder:

components are broken into services and services are contained in sub-processes,
uses basic autotools management,
source editor uses GtkSourceView,
has code highlighting, auto-completation,
cross-reference, change tracking,
snippets,
auto-formatting,
distraction free mode.
Vim/Emacs integration may be possible.
The UI designer will use Glade and integrate GTK+ Inspector.
Builder will also contain resource manager, simulator (something similar to Boxes, using OSTree), debugger, profiler, source control.

After naming all Builder’s characteristics Christian demoed a prototype.

For Later Reading Pick:

AnandTech | The NVIDIA SHIELD Tablet Review

Feedback:

More information on the “Trans Pacific Partnership” from an Avid Australian listener – Magentium

Hey Guys at Jupiter Broadcasting. Just wanted to put a bit more info to you that I saw on Tech Talk Today about the Copyright Act that’s being brought into Australia. Someone mentioned that “Netflix could come in” and make some serious mone. Netflix would be awesome if our Internet Infrastructure wasnt at a maximum of 12Mbps speeds (If you are lucky).

On a good day (and ive got some of the best net here) i get around 8mbps down. Netflix wouldn’t be viable because it wouldnt be available to even 30% of the country. We have Foxtel (like SKY / Cable) which is Premium Paid TV and costs a FORTUNE. It’s still not viable.

In regards to the Copyrighting, the Government also has it all wrong. The number one reason that I am always told by people I know as to why they pirate TV shows, movies and Games, is that the pricing of this stuff over here is unbelievable. For instance, the box set of Star Trek : The Next Generation will cost you over US$250 if you convert the costs, depending if its on special / discount or not.

Either way, you guys were spot on. Keep up the great work, Love the show, and a big shoutout from Australia! CRICKEY! ( we dont actually say that, so don’t get fooled by the stereotype). And no I don’t have a pet Kangeroo (not anymore).

The post Android's Leaky Sandbox | Tech Talk Today 35 first appeared on Jupiter Broadcasting.