Language Selection

English French German Italian Portuguese Spanish


Syndicate content
LinuxInsight - aggregated feeds
Updated: 1 hour 26 min ago

LXer: LibreOffice Office Suite Celebrates 6 Years of Activity with LibreOffice 5.2.2

Friday 30th of September 2016 03:09:25 AM
Italo Vignoli from The Document Foundation informs Softpedia via an email announcement about the general availability of the first point release of the LibreOffice 5.2 open-source and cross-platform office suite.

Reddit: What DE package contains the keybindings?

Friday 30th of September 2016 02:30:04 AM

I used to use KDE but on switching to xmonad I lost most of my keybindings - mostly the ones involving the fcn key (like to switch displays and whatnot).

What application do I need to start? I know for a fact that the keybindings haven't been deleted, just that Xmonad isn't loading them.

I can set them manually from xmonad.hs but surely you see why I don't want to go to that trouble.

submitted by /u/never-enough-glue
[link] [comments]

LXer: Tencent: Transforming Networks with SDN

Friday 30th of September 2016 02:06:31 AM
“SDN can really transform the way we do networks,” said Tom Bie, VP of Technology & Operation of Data Center, Networking and Server, Tencent, during his Wednesday keynote address at the Open Daylight Summit.

LinuxToday: Meet Apache Spot, a new open source project for cybersecurity

Friday 30th of September 2016 02:00:00 AM

Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation

TuxMachines: New Releases

Friday 30th of September 2016 01:45:11 AM
  • Security-Oriented Qubes OS 3.2 Improves the Integrated Management Infrastructure

    Today, September 29, 2016, Joanna Rutkowska announced the general availability of the second point release of the Qubes OS 3 stable series of the security-oriented and open-source Linux-based computer operating system.

    Qubes OS 3.2 is a maintenance release, which means that it mostly adds general fixes and improvements to various of the distribution's core components and functionalities, including the integrated management infrastructure that was introduced as part of the previous update, Qubes 3.1, allowing users to also manage the "insides" of a virtual machine.

  • Alpine Linux 3.4.4 Is Out, Ships with Linux Kernel 4.4.22 LTS, OpenSSL Patches

    Today, September 28, 2016, Alpine Linux creator and lead developer Natanael Cop has the pleasure of announcing the release of the fourth maintenance update to the latest stable Alpine Linux 3.4 server-oriented operating system series.

    Alpine Linux 3.4.4 is out as the most advanced version, powered by the recently released, long-term supported Linux 4.4.22 kernel and bringing up-to-date components to make your Alpine Linux-based server(s) more stable and reliable than ever. Most of the core components have been updated, but the most important one is OpenSSL 1.0.2j, which received the latest security fixes, just like in the rest of the GNU/Linux distros.

read more

TuxMachines: Leftovers: Software

Friday 30th of September 2016 01:43:45 AM
  • Web Publishing and Development: Free Tools Abound

    Are you involved in DevOps and web development, or are you aiming to be? If so, you're probably very aware of many of the tools from the open standards and open source arenas that can make your work easier. Still, these are always spreading out at a fast clip and there are some applications and tools that are rarely discussed. Here at OStatic, we try to regularly update our collections focused on them. In this post, you'll find our latest roundup of free resources for web development that range from complete online courses available for free to unsung applications.

  • Phoronix Test Suite 6.6.1 Released
  • Skype for Linux Alpha 1.9 Adds a Dark Theme, Notification Muting
  • GNOME Calendar Pencils In Great New Features

    GNOME Calendar is one of the few decent desktop calendaring apps available on Linux — and it's going to get better.

  • The future of GNOME Calendar

    Today, the Calendar Team had the first meeting in history. Isaque, Lapo, Renata, Vamsi and I attended it, and the meeting was extremely productive! In fact, we were able to sketch out the general direction that GNOME Calendar will head towards.

read more

TuxMachines: More Android Leftovers

Friday 30th of September 2016 01:41:01 AM
  • ​Google beats back Oracle again in Java Android case

    To recap, Oracle claimed the 37 Java application programming interface (API) packages Google used to develop Android are covered by copyright. Of course, that's not really the issue. True, the the US Federal Circuit Court of Appeals foolishly ruled that APIs could be copyrighted. But the US District Court for the Northern District of California ruled in May 2016 that Google's use of the Java APIs were not subject to copyright licensing fees. Instead, Android's use of the APIs was covered by "fair use."

  • Google’s Open Source Fuchsia OS: The Mystery Linux Distro

    Few things are more tantalizing than a good mystery, and Google is making waves for an open source-centric mystery that may end up having profound implications. It all started in August when an extensive and unusual code repository for a new operating system called Fuchsia was discovered online, and now the growing source code set is on GitHub.

    Thus far, Google officials have been mostly mum on the aim of this operating system, although they have made a few things clear in chat forums. Two developers listed on Fuchsia's GitHub page — Christopher Anderson and Brian Swetland — are known for their work with embedded systems. The Verge, among other sites, has made a few logical deductions about the possible embedded systems focus for Fuchsia: “Looking into Fuchsia's code points gives us a few clues. For example, the OS is built on Magenta, a “medium-sized microkernel” that is itself based on a project called LittleKernel, which is designed to be used in embedded systems,” the site reports.

    The GitHub postings that confirm that Fuchsia is based on Magenta are particularly notable because Magenta has had applications in the embedded systems space. Here are some direct quotes: "Magenta is a new kernel that powers the Fuchsia OS. Magenta is composed of a microkernel as well as a small set of userspace services, drivers, and libraries necessary for the system to boot, talk to hardware, load userspace processes and run them, etc. Fuchsia builds a much larger OS on top of this foundation."

  • As Blackberry pulls out of handset business it has some big patent strategy calls to make

read more

TuxMachines: Leftovers: Ubuntu

Friday 30th of September 2016 01:40:51 AM
  • Budgie-Remix Makes Progress With Ubuntu 16.10 Base, Beta 2 Released

    Budgie-Remix, the unofficial Ubuntu spin making use of the Budgie Desktop, has released its 16.10 Beta 2 milestone following this week's Yakkety Yak Beta 2 release.

    Budgie-Remix is re-based to the latest Ubuntu 16.10 Yakkety package changes. In addition, a number of the Budgie-0Remix packages have been working their way into Debian proper and thus are available to Ubuntu 16.10 users via the official channels. Now available this way is the budgie-desktop package, Moka icon theme, Faba icon theme, and the Arc theme. The Ubuntu repository has also pulled in the Budgie artwork and wallpaper packages too.

  • Yakkety Yak Final Beta Released
  • Canonical Launches Commercial Support for Kubernetes

    Canonical, the lead commercial vendor behind the open-source Ubuntu Linux operating system, is getting into the Kubernetes market. Canonical now offers a freely available implementation of Kubernetes as well as commercial-support options.

    "I have no doubt that Kubernetes will be one of the major container co-ordination systems," Mark Shuttleworth, founder of Ubuntu, told ServerWatch.

  • [How To] Build an Ubuntu Controlled Sous-Vide Cooker

    I’ll be honest with you from the off: I had zero idea what sous-vide cooking was before I started writing this post. Wikipedia dutifully informs me that’s Sous-Vide is a style of cooking that involves a vacuum, bags, and steam.

  • Mintbox Mini Pro Linux Mini PC Launches For $395

    This week a new version of the popular Mintbox Mini Linux PC has been launched for $395 in the form of the Mintbox Mini Pro which is now equipped with 120 GB of SSD mSATA together with 64-bit AMD A10-Micro6700T system-on-a-chip with Radeon R6 graphics and features 8GB of DDR3L.

    The latest Mintbox Mini Pro is shipped preloaded with the awesome Linux Mint 18 operating system and includes a microSD card slot a serial port, and a micro SIM card reader.
    The new Mintbox Mini Pro is the same size as the original and measures 4.3 x 3.3 x 0.9 inches in size and weighs in at around 255g. The Linux mini PC incorporates a fanless design and features an all-metal case made of aluminium and zinc.

read more

TuxMachines: Leftovers: OSS and Sharing

Friday 30th of September 2016 01:38:30 AM
  • Minijail: Running Untrusted Programs Safely by Jorge Lucangeli Obes, Google
  • Minijail: Google’s Tool To Safely Run Untrusted Programs

    Google’s Minijail sandboxing tool could be used by developers and sysadmins to run untrusted programs safely for debugging and security checks, according to Google Software Engineer Jorge Lucangeli Obes, who spoke last month at the Linux Security Summit. Obes is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices.

    Minijail was designed for sandboxing on Chrome OS and Android, to handle “anything that the Linux kernels grew.” Obes shared that Google teams use it on the server side, for build farms, for fuzzing, and pretty much everywhere.

    Since “essentially one bug separates you and any random attacker,” Google wanted to create a reliable means to swiftly identify problems with privileges and exploits in app development and easily enable developers to “do the right thing.”

    The tool is designed to assist admins who struggle with deciding what permissions their software actually needs, and developers who are vexed with trying to second guess which environment the software is going to run in. In both cases, sandboxing and privilege dropping tends to be a hit or miss affair.

    Even when developers use the privilege dropping mechanisms provided by the Linux kernel, sometimes things go awry due to numerous pitfalls along that path. One common example Obes cited was trying to ride a switch user function that will drop-root and then forgetting to check the result of the situation relief, or setuid function, afterwards.

  • Intel and Cloudera Give Apache an Open Source Data/Security Tool

    For the past year, we've taken note of the many Big Data projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support.

    Recently, the foundation announced that Apache Kudu has graduated from the Apache Incubator to become a Top-Level Project (TLP). Kudu is an open source columnar storage engine built for the Apache Hadoop ecosystem designed to enable flexible, high-performance analytic pipelines. And, Apache Twill has graduated as well. Twill is an abstraction over Apache Hadoop YARN that reduces the complexity of developing distributed Hadoop applications, allowing developers to focus more on their application logic. In another Apache-related Big Data move, Cloudera and Intel have announced that they've contributed a new open-source project to the Apache Software Foundation targeted at using Big Data analytics and machine learning for cybersecurity.

  • Twitter Open Sources Stream Processing Engine Heron

    Twitter announced the open sourcing of Heron, a stream-processing engine that is a successor to Apache Storm. Heron is backwards compatible with Apache Storm, which eases its adoption amongst developers. Heron has replaced Apache Storm as the stream data processing engine inside Twitter due to its scalability, debug-ability, ability to work in a shared cluster infrastructure and better performance. A comprehensive list of features is listed in the documentation.

  • Tencent: Transforming Networks with SDN

    “SDN can really transform the way we do networks,” said Tom Bie, VP of Technology & Operation of Data Center, Networking and Server, Tencent, during his Wednesday keynote address at the Open Daylight Summit. The China telecom giant should know about the issues of massive scale networks: they have more than 200 million users for QQ instant messaging, 300 million users of their payment service, and more than 800 million users of their VChat service. Bie noted that Tencent also operates one of the largest gaming networks in the world, along with video services, audio services, online literature services, news portals, and a range other digital content services.

  • The Second Wave of Platforms, an Interview with Cloud Foundry’s Sam Ramji

    In today’s world of platforms, services are increasingly connected. In the past, PaaS offerings were pretty much isolated. It’s that new connected infrastructure that is driving the growth of Cloud Foundry, the open source, service-oriented platform technology.

    Sam Ramji is CEO of Cloud Foundry, which is holding its European event in Frankfurt this week. At the conference, we spoke with Ramji to discuss, among other topics:

  • How to Find Your First OpenStack Job
  • LibreOffice 5.2.2 Now Available to Download
  • EC approves Slovenia courts data exchange solution

    First CEF AS4-compliant b2b solution developed as open source by a public administration

    The European Commission has tested and approved Laurentius, an eDelivery court documents and case exchange solution compliant with the AS4 profile of the OASIS ebMS standard. In September, Laurentius passed all tests by the EC’s Connecting Europe Facility (CEF) for its so-called “e-SENS AS4 conformant solutions”.

  • SDL 2.0.5 Is Readying For Release: Relative Mouse Mode For Wayland/Mir, Audio Capture

    SDL 2.0 point releases have ranged from being a few months apart to as much as two years apart. Fortunately, SDL 2.0.5 is now being put together for release just nine months after SDL 2.0.4.

    With the Mercurial repository, Sam Lantinga bumped the version in preparation for the SDL 2.0.5 release. The SDL 2.0.5 release hasn't officially happened yet, but it should be here soon.

  • Open standards default at Slovenia supreme court

    The use of open ICT standards is an IT requirement at Slovenia’s Supreme Court, responsible for the IT support of the entire court system in the country. The Supreme Court’s IT department has a strong preference for the development of modular, reusable software solutions. This strategy provides agility and flexibility, says Bojan Muršec, director of IT.

    The focus on open standards frees up the IT department to concentrate on the business, Muršec says. The IT department takes the modular approach serious: the first reusable module ever developed by the court - a court documents dispatch and delivery system - is re-used by all IT systems across the courts. “Making everything reusable prevents creation of silos in the organisation”, the IT director says.

    A positive side effect of the IT strategy is that the court uses mostly open source software solutions. This in turn helps to keep IT costs down, says the IT director, who estimates that the court saves EUR 400 to 500 thousand per year on licence fees: “The cost of proprietary licences always goes up.”

  • Why there is no CSS4 - explaining CSS Levels

    We had CSS1, and CSS2. We even had CSS2.1 and we then moved onto CSS3 – or did we? This post is a quick explanation of how CSS is versioned today.

    CSS versions 1 and 2 were monolithic specifications. All of CSS was included in one massive document. Selectors, positioning, colour – it was all in there.

    The problem with monolithic specifications is that in order to finish the spec, every component part also has to be finished. As CSS has grown in complexity, and new features are added, it doesn’t make sense to draw a line at which all work is stopped on all parts of CSS in order to declare that CSS version finished. Therefore, after CSS2.1 all the things that had been part of the 2.1 specification were broken down into modules. As the new CSS modules included all that had gone before plus any new features, they all came into being at Level 3. Hence CSS3, and people like me who understood CSS as a single specification referred to the group of Level 3 modules as “CSS3”.

read more

TuxMachines: Security Leftovers

Friday 30th of September 2016 01:33:47 AM
  • Linux.Mirai Trojan causing mayhem with DDoS attacks

    A Trojan named Linux.Mirai has been found to be carrying out DDoS attacks.

    The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers.

  • Don't Hide DRM in a Security Update

    Over 10,000 of you have joined EFF in calling on HP to make amends for its self-destructing printers in the past few days. Looks like we got the company’s attention: today, HP posted a response on its blog. Apparently recognizing that its customers are more likely to see an update that limits interoperability as a bug than as a feature, HP says that it will issue an optional firmware update rolling back the changes that it had made. We’re very glad to see HP making this step.

    But a number of questions remain.

    First, we’d like to know what HP’s plans are for informing users about the optional firmware update. Right now, the vast majority of people who use the affected printers likely do not know why their printers lost functionality, nor do they know that it’s possible to restore it. All of those customers should be able to use their printers free of artificial restrictions, not just the relatively few who have been closely following this story.

  • 6 Ways Driverless Cars Are Going To Kill Lots Of People

    You've probably read a few articles about driverless cars over the past couple of years. The technology is coming along quickly, with fleets of test cars already on the roads in some states. It seems like soon we'll achieve the American dream of stuffing our faces and texting all we want while still managing to avoid public transportation.

    But the reality is quite different. We're diving into this technology a little too quickly and ignoring all the warning signs about how we are going to screw up on the way to Driverless Car Utopia.

read more

LXer: Google beats back Oracle again in Java Android case

Friday 30th of September 2016 01:03:37 AM
Oracle loses in court once again in its latest attempt to obtain Java copyright damages from Google.

Phoronix: FreeBSD 11.0 Comes Up Short In Ubuntu 16.04 vs. macOS Sierra Benchmarks

Friday 30th of September 2016 12:27:34 AM
Yesterday I published some macOS 10.2 vs. Ubuntu 16.04 LTS benchmarks from a Mac Mini and MacBook Air systems. For those curious if BSDs can outperform macOS Sierra on Apple hardware, I tested the MacBook Air with FreeBSD 11.0 compared to the Linux and macOS results on that Core i5 system. Here are those results.

LXer: How to Install Nagios Server Monitoring on Ubuntu 16.04

Friday 30th of September 2016 12:06:26 AM
Nagios is an open source software for system and network monitoring. Nagios can monitor the activity of a host and its services, and provides a warning/alert if something bad happens on the server. Nagios can run on Linux operating systems. At this time I will use Ubuntu 16.04 for the installation.

TuxMachines: Red Hat and Fedora

Thursday 29th of September 2016 11:46:31 PM
  • Red Hat Inc. (RHT) Downgraded by Zacks Investment Research to “Hold”
  • Earnings Estimate Report: Intel Corporation (NASDAQ:INTC) , Red Hat, Inc. (NYSE:RHT)
  • Switched to HTTPS

    Perhaps you already noticed it, I have switched all the sites for a secured browsing using HTTPS.

    So, new addresses are: for this Blog (with an automatic and permanent redirection) for the Forum (with an automatic and permanent redirection) for the Repository, but classical address stay available.

  • Fedora Hubs: Getting started

    Fedora Hubs provides a consistent contributor experience across all Fedora teams and will serve as an “intranet” page for the Fedora Project. There are many different projects in Fedora with different processes and workflows. Hubs will serve as a single place for contributors to learn about and contribute to them in a standardized format. Hubs will also be a social network for Fedora contributors. It is designed as one place to go to keep up with everything and everybody across the project in ways that aren’t currently possible.

read more

TuxMachines: Linux Graphics: Mesa and Gallium3D

Thursday 29th of September 2016 11:35:09 PM

read more

TuxMachines: Ubuntu 16.10 Doesn't Change Much With Performance, Clear Linux Still Leads In Most Tests

Thursday 29th of September 2016 11:28:32 PM

Given yesterday's Ubuntu 16.10 final beta release ahead of the official "Yakkety Yak" debut in two weeks, I decided to run some benchmarks of Ubuntu 16.10 compared to Ubuntu 16.04.1 LTS on the same system plus also throwing in the Intel Clear Linux distribution given it tends to be one of the most performant.

For those that haven't yet tried out Ubuntu 16.10 nor followed its development, GCC 6.2 is now the default compiler in place of GCC 5.4 from Ubuntu 16.04 LTS. Mesa 12.0.3 provides the stock graphics drivers and Linux 4.8 is the stock kernel.

Also: DDR4 Memory Speed Tests With The Core i7 6800K On Ubuntu Linux

read more

Reddit: Ubuntu Budgie-Remix 16.10 Beta 2 is now available

Thursday 29th of September 2016 11:24:28 PM

LXer: Ubuntu Budgie Remix 16.10 Beta 2 Officially Released with Budgie Desktop 10.2.7

Thursday 29th of September 2016 11:09:15 PM
Softpedia was informed today by David Mohammed from the budgie-remix project about the availability of the second and last Beta release of the upcoming Ubuntu Budgie Remix 16.10 operating system.

TuxMachines: Mozilla's Rust 1.12

Thursday 29th of September 2016 11:08:11 PM
  • Announcing Rust 1.12

    The Rust team is happy to announce the latest version of Rust, 1.12. Rust is a systems programming language with the slogan “fast, reliable, productive: pick three.”

    As always, you can install Rust 1.12 from the appropriate page on our website, and check out the detailed release notes for 1.12 on GitHub. 1361 patches were landed in this release.

  • Rust 1.12 Programming Language Released

    Rust 1.12 has been released as the newest version of this popular programming language with a focus on "fast, reliable, productive: pick three."

read more

More in Tux Machines

CVE-2016-5195 Patched

  • Linux Kernels 4.8.3, 4.7.9 & 4.4.26 LTS Out to Patch "Dirty COW" Security Flaw
    Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability. Known as "Dirty COW," the Linux kernel vulnerability documented at CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.
  • Canonical Patches Ancient "Dirty COW" Kernel Bug in All Supported Ubuntu OSes
    As reported earlier, three new Linux kernel maintenance releases arrived for various Linux-based operating systems, patching a critical and ancient bug popularly known as "Dirty COW." We already told you that the kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.

Mad Max Now on GNU/Linux

  • Mad Max Open World Action-Adventure Video Game Released for Linux, SteamOS & Mac
    After teasing us earlier this month, today, October 20, 2016, Feral Interactive had the great pleasure of announcing the release of the Mad Max open world action-adventure video game for the SteamOS, Linux, and Mac platforms. Feral Interactive is well known for bringing AAA titles to the Linux and Mac gaming world, and after porting the Tomb Raider 2013 reboot last year to our beloved platforms, which continue to get more fans by the day, now the UK-based video games publisher delights us with the superb Mad Max title developed by Avalanche Studios and published by Warner Bros.
  • Mad Max Launches For Linux
    Feral Interactive's port of Mad Max to Linux (and macOS) is now officially out and can be found on Steam. Feral announced their Mad Max port at the beginning of October while today it's ready to ship. As mentioned in that original article, the Linux system requirements are fairly stiff with only listing NVIDIA hardware under Linux and the minimum being a GTX 660 while the recommendation is at least a GTX 970.
  • Mad Max Appears To Work Fine With RadeonSI Gallium3D
    This morning's release of the Mad Max game for Linux lists only NVIDIA graphics as supported, but it does turn out at least for newer AMD GPUs using the RadeonSI Gallium3D driver things should work -- well, assuming you are using the latest open-source driver code.
  • Mad Max released for Linux, port report and review available
    Mad Max is the latest Linux port from Feral Interactive, probably one of the titles I have been most excited about so hopefully it lives up to the promise. It has only been a few weeks since Feral Interactive released Dawn of War II, Chaos Rising and Retribution on Linux, and now we have a real whopper with Mad Max. Something Linux lacks is a reasonable amount of high quality open-world story-based games. We started getting a few with Borderlands 2 and Shadow of Mordor, but another top quality game like this is a must for us to keep the interest up.

Red Hat and Fedora

  • Red Hat – the open source conglomerate
    As successful companies grow, they accumulate products; new ones are developed and additional ones are acquired. Managing diverse portfolios is a challenge, not least when it comes to putting it all together on a single presentation slide to make it appear there is an overall coherent product strategy.
  • Ericsson Embraces Red Hat OpenStack Platform
    Ericsson and Red Hat today announced a broad alliance to work together on network functions virtualization (NFV) products. And the telco infrastructure provider will now support the Red Hat OpenStack Platform. Ericsson already has a longstanding distribution partnership with Red Hat that includes Red Hat Enterprise Linux and Red Hat JBoss Middleware. The existing distribution partnerships define not only commercial terms, but also joint support models, co-engineering and certification testing, and joint go-to-market collaboration.
  • Raleigh's Red Hat teams up with Ericsson
    Open-source software firm Red Hat (NYSE: RHT) has teamed up with Ericsson (Nasdaq: ERIC) on what the companies are calling a “broad alliance” aimed at transforming the information and communications technology market. Red Hat, headquartered at downtown Raleigh’s Red Hat Tower, announced that its new partnership with Ericsson would allow the duo to deliver fully open-source and production-ready cloud infrastructure, spanning OpenStack, software-defined networking and software-defined infrastructure.
  • FCAIC in the House
    The job is like many other roles called “Community Manager” or “Community Lead.” That means there is a focus on metrics and experiences. One role is to try ensure smooth forward movement of the project towards its goals. Another role is to serve as a source of information and motivation. Another role is as a liaison between the project and significant downstream and sponsoring organizations. In Fedora, this means I help the Fedora Project Leader. I try to be the yen to his yang, the zig to his zag, or the right hand to his right elbow. In all seriousness, it means that I work on a lot of the non-engineering focused areas of the Fedora Project. While Matthew has responsibility for the project as a whole I try to think about users and contributors and be mechanics of keeping the project running smoothly.
  • keepalived: Simple HA
    We have been using keepalived in Fedora Infrastructure for a while now. It’s a pretty easy to use and simple way to do some basic HA. Keepalived can keep track of which machine is “master” for a IP address and quickly fail over and back when moving that IP address around. You can also run scripts on state change. Keepalived uses VRRP and handles updating arp tables when IP addresses move around. It also supports weighting so you can prefer one or another server to “normally” have the master IP/scripts.
  • What does Factory 2.0 mean for Modularity?
    This blog now has a drop-down category called Modularity. But, many arteries of Modularity lead into a project called Factory 2.0. These two are, in fact, pretty much inseparable. In this post, we’ll talk about the 5 problems that need to be solved before Modularity can really live. The origins of Factory 2.0 go back a few years, when Matthew Miller started the conversation at Flock. The first suggested names were “Fedora Rings”, “Envs and Stacks”, and Alephs.
  • varnish-5.0, varnish-modules-0.9.2 and hitch-1.4.1, packages for Fedora and EPEL
    The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL. varnish-5.0 has configuration changes, so the updated package has been pushed to rawhide, but will not replace the ones currently in EPEL nor in Fedora stable. Those who need varnish-5.0 for EPEL may use my COPR repos at They include the varnish-5.0 and matching varnish-modules packages, and are compatible with EPEL 5, 6, and 7.
  • Installroot in DNF-2.0

Security News

  • Security advisories for Thursday
  • More information about Dirty COW (aka CVE-2016-5195)
    The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.
  • CVE-2016-5195
    My prior post showed my research from earlier in the year at the 2016 Linux Security Summit on kernel security flaw lifetimes. Now that CVE-2016-5195 is public, here are updated graphs and statistics. Due to their rarity, the Critical bug average has now jumped from 3.3 years to 5.2 years. There aren’t many, but, as I mentioned, they still exist, whether you know about them or not. CVE-2016-5195 was sitting on everyone’s machine when I gave my LSS talk, and there are still other flaws on all our Linux machines right now. (And, I should note, this problem is not unique to Linux.) Dealing with knowing that there are always going to be bugs present requires proactive kernel self-protection (to minimize the effects of possible flaws) and vendors dedicated to updating their devices regularly and quickly (to keep the exposure window minimized once a flaw is widely known).
  • “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)
    While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.
  • Linux users urged to protect against 'Dirty COW' security flaw
    Organisations and individuals have been urged to patch Linux servers immediately or risk falling victim to exploits for a Linux kernel security flaw dubbed ‘Dirty COW'. This follows a warning from open source software vendor Red Hat that the flaw is being exploited in the wild. Phil Oester, the Linux security researcher who uncovered the flaw, explained to V3 that the exploit is easy to execute and will almost certainly become more widely used. "The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," he said.
  • Hackers Hit U.S. Senate GOP Committee
    The national news media has been consumed of late with reports of Russian hackers breaking into networks of the Democratic National Committee. Lest the Republicans feel left out of all the excitement, a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC). [...] Dataflow markets itself as an “offshore” hosting provider with presences in Belize and The Seychelles. Dataflow has long been advertised on Russian-language cybercrime forums as an offshore haven that offers so-called “bulletproof hosting,” a phrase used to describe hosting firms that court all manner of sites that most legitimate hosting firms shun, including those that knowingly host spam and phishing sites as well as malicious software. De Groot published a list of the sites currently present at Dataflow. The list speaks for itself as a collection of badness, including quite a number of Russian-language sites selling synthetic drugs and stolen credit card data. According to De Groot, other sites that were retrofitted with the malware included e-commerce sites for the shoe maker Converse as well as the automaker Audi, although he says those sites and the NRSC’s have been scrubbed of the malicious software since his report was published. But De Groot said the hackers behind this scheme are continuing to find new sites to compromise. “Last Monday my scans found about 5,900 hacked sites,” he said. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.”
  • Thoughts on the BTB Paper
    The Branch Target Buffer (BTB) whitepaper presents some interesting information. It details potential side-channel attacks by utilizing timing attacks against the branch prediction hardware present in Intel Haswell processors. The article does not mention Intel processors later than Haswell, such as Broadwell or Skylake. Side-channel attacks are always interesting and fun. Indeed, the authors have stumbled into areas that need more research. Their research can be applicable in certain circumstances. As a side-note, KASLR in general is rather weak and can be considered a waste of time[1]. The discussion why is outside the scope of this article.