Ir para o conteúdo
Mostrar cesto Esconder cesto
ou

Software livre Brasil

Tela cheia Sugerir um artigo
 Feed RSS

Blog

7 de Dezembro de 2009, 0:00 , por Desconhecido - | Ninguém está seguindo este artigo ainda.
Mageia é um fork do Mandriva Linux, apoiada por uma organização sem fins lucrativos reconhecida e colaboradores eleitos. Mais do que apenas oferecer um sistema operacional livre, seguro, estável e sustentável, o objetivo é a criação de uma administração estável e confiável para orientar projetos colaborativos.

Este blog é alimentado pela comunidade aqui na rede SoftwareLivre.org e pelo feed do Planet Mageia English.

Mageia Blog (English) :

5 de Fevereiro de 2018, 12:54, por Planet Mageia (English) - 0sem comentários ainda

The flood of updates has slowed a little this week:

sox (Mga 5, 6); java-1.8.0-openjdk (Mga 5,6); rsyncMga 5,6; gdk-pixbuf2.0 (Mga5) – as always, check Mageia Advisories for details. Along with the 409 updates that have gone into Cauldron, there’s been plenty happening!

Behind the scenes, work is still happening on the panel applet update mechanism, on further Meltdown/Spectra mitigation, and on the possible Mageia 6.1 release, so the devs and QA folks we all rely on are still very busy indeed. As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening. 

And almost daily, new and updated translations go up; hearty thanks to our translation team, who make Mageia so friendly to users around the world!

Interim info on Meltdown/Spectra mitigation

From tmb, our extremely busy kernel guru for whom we give thanks daily:

If you’re using

grep cpu_insecure /proc/cpuinfo && echo "patched" || echo "unpatched"

and you get

unpatched

don’t worry – this is an invalid check. Official Linux source does not have any “cpu_insecure” flag.

If you are using   

   cat /proc/cpuinfo | grep bugs

and you get 

bugs            : cpu_meltdown
bugs            : cpu_meltdown
bugs            : cpu_meltdown
bugs            : cpu_meltdown

This tells you that you have a CPU that is affected by meltdown and needs to be protected by KTPI. The only way you can get rid of that flag is to buy new hardware. That means according to Intel their new silicon that should become a new CPU by the end of 2018; for AMD and Spectre issues, it means buying a Zen2 based CPU, that is supposed to be out sometime in 2018.

If you have used https://github.com/speed47/spectre-meltdown-checker and the result is “not OK”:

That’s expected. Because:

1. Spectre variant 1 is hard to fix and also more difficult to abuse – it really needs microcode updates, and Intel botched that. According to Lenovo there should be a fix out around February 9th. AMD officially will only ship their microcode update to hardware vendors so it depends on when they will release updated bioses  or we can get the microcode through some other means. There is some code to mitigate here too, but afaik its not upstream yet.

2. Spectre variant 2 also really needs new microcode, and the IBRR/IBPB/… Kernel code mitigations have only started landing in upstream last week, and still need to be backported to the 4.14 longterm branch. And we have the alternative mitigation with minimal retpoline queued in https://bugs.mageia.org/show_bug.cgi?id=22454 (I plan to push this one later today as soon as I have written the advisories). For full retpoline we need compiler support, something I got patches for during Fosdem, and it’s now patched in gcc 5.5.0 in testing, so the next kernel will have full retpoline.

3. Meltdown has been mitigated since 4.14.13 was released in http://advisories.mageia.org/MGASA-2018-0076.html

NOTE. the Kernel Page Table Isolation mitigation is so far only for x86_64, but some suggested patches have been posted as RFC for i586, and should hopefully land soon-ish upstream and get backported. But then again, meltdown is not as easy on 32bit as it already has the 3G/1G memory split causing other complications.

Now I know some/many distros have “panic patched” stuff with earlier revisions of the fixes, but for example Redhat has afaik backed out of some of the spectre mitigations as it caused more problems than it fixed, so I have chosen to rely on somewhat tested code actually getting accepted and landing upstream.

That’s is where we are at the moment. If upstream keeps current pace we should hopefully have all the bits in place within ~1 week…

Thank you tmb!

In other news:

 The LQ Members Choice Awards polls are on right now. You may want to register and vote for Mageia being your distro of choice to add a little marketing “buzz” to our favourite distro. You can find the polls here: 

https://www.linuxquestions.org/questions/2017-linuxquestions-org-members-choice-awards-126/

If you are not a member of the LinuxQuestions.org group, you just have to register and then post one reply on their site. This then allows you to vote on various Linux poll items. Pass the word along to other Mageia supporters and make your voice count!



Mageia Blog (English) : Weekly Roundup 2018 – Weeks 3 & 4

29 de Janeiro de 2018, 12:05, por Planet Mageia (English) - 0sem comentários ainda

Apologies are due for the missing Roundup for Week 3; while the northern hemisphere has been freezing, down here in the south we have been boiling. Alas, all that heat doesn’t help with concentration! So, this is an aggregated Roundup.

FOSDEM

February is FOSDEM month – will you be in Brussels? Even when, as this year, we don’t have a stand, Mageians love to get together at FOSDEM. Check out the Wiki Page for this event, and let people know you’re coming so meetings and the Mageia Dinner can be arranged.

Some news

We were informed that mirror.math.princeton.edu will be down and physically relocated beginning 09:00 on Thursday, February 1. It is expected to be back online by noon that day. Note that their time zone is UTC -5, US Eastern Standard Time.

Updates – Mageia 5 and 6

We’re still, like Zeno and his tortoise, not quite ready to completely finish adding updates to Mageia 5 – there are still a few of the Meltdown and Spectra-related security fixes in the pipeline. We’ll add a separate blog post for the event to keep you informed. Recent security updates to Mageia 5 include nspr, rootcerts, nss, firefox, firefox-l10n, glibc, bind, squid and gdk-pixbuf2.0. Check Mageia Advisories for more details, and note that there are no bugfix updates for Mga5.

An update to the tray applet to upgrade from Mageia 5 to Mageia 6 is in QA testing; watch out for updates to this important utility. We hope it will smooth the path from 5 to 6 for those of you who want to do the version upgrade rather than a clean install.

For Mageia 6, the security update list is even longer – webkit2, kmod-vboxadditions, kmod-virtualbox, virtualbox, graphicsmagick, nspr, rootcerts, nss, firefox, firefox-l10n, glibc, locales, systemd, bind, unbound, golang, mariadb, gdk-pixbuf2.0, gifsicle and squid. Bufix updates include joe , mpv, radeon-firmware, ldetect-lst, libdrm, mesa, wayland-protocols, x11-driver-video-amdgpu, x11-driver-video-ati, x11-driver-video-intel, subtitlecomposer, nvidia340, smtube, smplayer, cargo and rust.

Cauldron

In the two weeks since the last Roundup, a staggering 939 package updates have come through into Cauldron! Maybe the devs are working so hard to keep warm? Thanks to them all, and to the QA/testing and translation folks for their amazing work.

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Wiki updates

There’s also been lots of work happening on the Wiki, with updates and additions; check out the Recent Changes page, where you can also subscribe to the Atom feed to receive email alerts when changes are made.



Mageia Blog (English) : Weekly Roundup 2018 – Week 2

15 de Janeiro de 2018, 8:52, por Planet Mageia (English) - 0sem comentários ainda

The year is definitely under way, with an astonishing 412 packages coming through commits – mostly for cauldron, but a few are the last remaining updates for Mageia 5, as well as important security updates for Mageia 6.

Among those updates are all the kernel and microcode updates – our thanks to tmb and our untiring devs for these – to begin hitting Meltdown and Spectre on the head.

A big hand for the upstream kernel team, as well as our own packagers, QA testers and everyone else that was involved in getting this tested and released.

The best place to check these updates out fully is the Mageia Advisories page:

Screenshot of Mageia Advisories page

The Mageia Advisories page is full of information! Clicking on the Advisory number (second column) will take you to the full advisory; so, clicking on MGASA-2018-0076, the advisory for the most recent kernel updates to Mageia 6, takes you to an explanation of what is covered in the fix, plus references for further reading.

Screenshot of Advisory MGASA 2018-0076

If you’re more interested in the original security announcement, the list of CVEs in the right-hand column is also filled with links; clicking on any one of those links will take you to the information for that CVE. If, like CVE 2017-5715, it covers a number of fixes in Mageia, you will arrive at an interim page where all the updates covering that advisory are aggregated, looking like this:

Screenshot of Advisories aggregation

On the aggregated page, clicking on the part of the heading containing the advisory number

Screenshot of advisories heading

will take you to the CVE announcement.

You can keep up with all the other goings-on in Mageia on IRC or the Forums, as well as all the mailing lists – they’re all very active and welcoming places, so please join in!



Mageia Blog (English) : Weekly Roundup 2018 – Week 1

8 de Janeiro de 2018, 0:10, por Planet Mageia (English) - 0sem comentários ainda

In the spirit of a new year, Mageians have been very busy.

Meltdown and Spectre mitigation

meltdown and spectre logos

If you’ve been anywhere near a news channel in the last few days, you’ll have heard of these two CPU flaws – there’s an overview at arstechnica for those who haven’t seen it yet. It’s important to note that not only Intel CPUs are vulnerable!

Mageia kernel updates to mitigate these two flaws are already being worked on. Mageia 6 kernel updates released in the last 24 hours don’t as yet solve all the problems, but kernel-4.14.12-2.mga6 is in updates/testing (as is the .mga7 kernel for Cauldron). Expect updates very shortly. Our thanks to our tireless kernel devs and our ever busy QA team!

Mageia 5 is at end of life, people – to avoid issues with Meltdown and Spectre, it’s time to update to Mageia 6. Before you begin, please read “Upgrading from Mageia 5” and the associated links. That said, we have decided to apply specific updates to the kernel and to Firefox, just to deal with the Spectre and Meltdown vulnerabilities. Subsequent updates of the kernel to minimise the performance impact of the security updates will not be applied in Mageia 5, similar for other security fixes. So you have a little time to prepare to upgrade, but do get on it!

While all that has been going on, there has been a constant stream of updates into Cauldron, updates for Mageia 6 and the last few for Mageia 5, and plenty of packages going into testing. Check out the usual suspects: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla.

Have a great week!



Liberdade na Fronteira : Discussing the future of Cantor

7 de Janeiro de 2018, 14:07, por Planet Mageia (English) - 0sem comentários ainda

Hello devs! Happy new year!

It is common to use the new year date to start new projects or give new directions for old ones. The last one is the case for Cantor.

Since when I got the maintainer status for Cantor, I was working to improve the community around the software. Because the great plugins systems of Qt, it is easy to write new backends for Cantor, and in fact in last years Cantor reached the number of 11 backends.

If in a hand it is a nice thing because Cantor can run different mathematical engines, in other hand it is very common developers create backends, release them with Cantor upstream, and forget this piece of software after some months. The consequence of this is a lot of unsolved bugs in Bugzilla, unexpected behaviours of some backends, and more.

For instance, R backend is broken from some years right now (thanks Rishabh it was fixed during his GSoC/KDE Edu Sprint 2017 but not released yet). Sage backend breaks for each new release of Sage.

Different backends use different technologies. Scilab and Octave backends use QProcess + Standard Streams; Python 2 uses Python/C API; Python 3, R, and Julia use D-Bus.

In addition to these, remember each programming language used as mathematical engine for Cantor has their respective release schedule and it is very common new versions break the way as backends are implemented.

So, yes, the mainternhip of Cantor is a hell.

In order to remedy it I invited developers to be co-maintainer of these respective backends, but it does not have the effect I was suposed to. I implemented a way to present the versions of programming languages supported in the backend but it does not work well too.

So, my main work in Cantor during these years was try to solve bugs of backends I don’t use and, sometimes, I don’t know how they work, while new features were impossible to be planned and implemented.

If we give a look to Jupyter, the main software for notebook-based mathematical computation, it is possible to see this software supports several programming languages. But, in fact, this support is provide by the community – Jupyter focus effort in Python support only (named the ipython kernel) and in new features for Jupyter itself.

So, I would like to hear the KDE and Cantor community about the future of Cantor. My proposal is split the code of the others backends and put them as third-party plugins, maintained by their respective community. Only the Python 3 backend would be “officially” maintaned and delivered in KDE Applications bundle.

This way I could focus in provide new features and I could to say “well, this bug with X backend must be reported to the X backend community because they are accountable for this piece of software”.

So, what do you think about?



Tags deste artigo: mageia