Language Selection

English French German Italian Portuguese Spanish

Linux Journal

Syndicate content
Updated: 6 hours 9 min ago

Oracle Linux 8 Released, Microsoft Offering Free Open-Source Software to Help Secure Voting Machines, Linux Mint 19.2 "Tina" Cinnamon Beta Is Out, First Beta of Latte Dock for v0.9 Now Available and Ubuntu 18.10 Cosmic Cuttlefish Reaches End of Life

Friday 19th of July 2019 02:26:46 PM

News briefs for July 19, 2019.

Oracle yesterday announced the release of Oracle Linux 8. New features include Application Streams, a "Dandified Yum", RPM improvements and much more. From the announcement: "With Oracle Linux 8, the core operating environment and associated packages for a typical Oracle Linux 8 server are distributed through a combination of BaseOS and Applications Streams. BaseOS gives you a running user space for the operating environment. Application Streams provides a range of applications that were previously distributed in Software Collections, as well as other products and programs, that can run within the user space."

Microsoft this week announced it was giving away software to help secure American voting machines. According to NBC News, "The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to 'enable a new era of secure, verifiable voting.' The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post."

Linux Mint 19.2 "Tina" Cinnamon beta was released this week. Some highlights in version 19.2 include improved kernel support in the update manager, improved software manager and a new look and layout for system reports. Go here to read about all the new features, and read the release notes here.

The first beta of Latte Dock for v0.9 (v0.8.97) has been released. New features include a new colors mechanism, online indicator, shared layouts and more. v0.9 is scheduled for release at the end of the month. The Psifidotos blog notes that you can help by finding bugs or with translations.

Ubuntu 18.10 (Cosmic Cuttlefish) officially reaches end of life today. Package updates will no longer be accepted to 18.10, and security notices will no longer include information or package updates for 18.10. To upgrade, visit

News Oracle Microsoft Latte Dock Ubuntu Linux Mint

Data in a Flash, Part IV: the Future of Memory Technologies

Friday 19th of July 2019 11:30:00 AM
by Petros Koutoupis

I have spent the first three parts of this series describing the evolution and current state of Flash storage. I also described how to configure an NVMe over Fabric (NVMeoF) storage network to export NVMe volumes across RDMA over Converged Ethernet (RoCE) and again over native TCP. [See Petros' "Data in a Flash, Part I: the Evolution of Disk Storage and an Introduction to NVMe", "Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network" and "Data in a Flash, Part III: NVMe over Fabrics Using TCP".]

But what does the future of memory technologies look like? With traditional Flash technologies that are enabled via NVMe, you should continue to expect higher capacities. For instance, what comes after QLC or Quad-Level Cells NAND technology? Only time will tell. The next-generation NVMe specification will introduce a protocol standard operating across more PCI Express lanes and at a higher bandwidth. As memory technologies continue to evolve, the method in which you plug that technology into your computers will evolve with it.

Remember, the ultimate goal is to move closer to the CPU and reduce access times (that is, latencies).

Figure 1. The Data Performance Gap as You Move Further Away from the CPU

Storage Class Memory

For years, vendors have been developing a technology in which you are able to plug persistent memory into traditional DIMM slots. Yes, these are the very same slots that volatile DRAM also uses. Storage Class Memory (SCM) is a newer hybrid storage tier. It's not exactly memory, and it's also not exactly storage. It lives closer to the CPU and comes in two forms: 1) traditional DRAM backed by a large capacitor to preserve data to a local NAND chip (for example, NVDIMM-N) and 2) a complete NAND module (NVDIMM-F). In the first case, you retain DRAM speeds, but you don't get the capacity. Typically, a DRAM-based NVDIMM is behind the latest traditional DRAM sizes. Vendors such as Viking Technology and Netlist are the main producers of DRAM-based NVDIMM products.

The second, however, will give you the larger capacity sizes, but it's not nearly as fast as DRAM speeds. Here, you will find your standard NAND—the very same as found in modern Solid State Drives (SSDs) fixed onto your traditional DIMM modules.

Go to Full Article

Comparing Linux Package Formats - Deb, Flatpak, AppImage, etc.

Thursday 18th of July 2019 08:17:56 PM

Please support Linux Journal by subscribing or becoming a patron.

Episode 23: Advertisers: Don't Be Creepy

Thursday 18th of July 2019 07:57:55 PM
Your browser does not support the audio element. Episode 23: Advertisers: Don't Be Creepy

Katherine Druckman and Doc Searls talk to Linux Journal's Danna Vedder about the current state of advertising.

New Linux Malware Called EvilGnome Discovered; First Preview of Fedora CoreOS Now Available; Germany Bans Schools from Using Microsoft, Google and Apple; VirtualBox 6.0.10 Released; and Sparky 5.8 Has New Live/Install Media for Download

Thursday 18th of July 2019 01:30:32 PM

News briefs for July 18, 2019.

New Linux malware has been discovered that masquerades as a GNOME shell extension and spies on users. Bleeping Computer reports that Intezer Labs' researchers made the discovery earlier this month, and they say that "EvilGnome's functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user's microphone and the ability to download and execute further modules. The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions." See Intezer's blog for more on EvilGnome.

Fedora recently announced the first preview release of Fedora CoreOS. From the announcement: "Fedora CoreOS is built to be the secure and reliable host for your compute clusters. It's designed specifically for running containerized workloads without regular maintenance, automatically updating itself with the latest OS improvements, bug fixes, and security updates. The initial preview release of Fedora CoreOS runs on bare metal, QEMU, VMware, and AWS, on x86_64 only." Go here to download and get started with Fedora CoreOS.

Germany has banned its schools from using cloud-based productivity suites from Microsoft, Google, and Apple, because the companies weren't meeting the country's privacy requirements. Naked Security reports, that the statement from the Hessische Beauftragte für Datenschutz und Informationsfreiheit (Hesse Commissioner for Data Protection and Freedom of Information, or HBDI) said, "The digital sovereignty of state data processing must be guaranteed. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries to Microsoft. Such data is also transmitted when using Office 365." The HBDI also stressed that "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools, privacy-compliant use is currently not possible."

VirtualBox 6.0.10 was released this week. According to Linux Uprising, it's a maintenance release with mostly bug fixes, but it does have one main new addition: "support for UEFI secure boot driver signing on Ubuntu and Debian 10+ hosts". See the full Changelog for more details.

Sparky 5.8 "Nibiru" has new live/install media available to download. This is the first release of the stable line based on Debian 10 "Buster". Changes include Linux kernel 4.19.37-5 (i686 and amd64) and 4.19.57-v7 (ARMHF), Calamares installer updated to 3.2.11, old third party repositories have been removed and much more. Go here to download the Sparky stable edition.

News Security GNOME Fedora Germany Microsoft Google Apple VirtualBox UEFI Sparky Linux

Shrinking Linux Attack Surfaces

Thursday 18th of July 2019 11:00:00 AM
by Zack Brown

Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches that really close a hole, rather than just give attackers a slightly harder time of it.

Matthew Garrett recognized that userspace applications might have secret data that might be sitting in RAM at any given time, and that those applications might want to wipe that data clean so no one could look at it.

There were various ways to do this already in the kernel, as Matthew pointed out. An application could use mlock() to prevent its memory contents from being pushed into swap, where it might be read more easily by attackers. An application also could use atexit() to cause its memory to be thoroughly overwritten when the application exited, thus leaving no secret data in the general pool of available RAM.

The problem, Matthew pointed out, came if an attacker was able to reboot the system at a critical moment—say, before the user's data could be safely overwritten. If attackers then booted into a different OS, they might be able to examine the data still stored in RAM, left over from the previously running Linux system.

As Matthew also noted, the existing way to prevent even that was to tell the UEFI firmware to wipe system memory before booting to another OS, but this would dramatically increase the amount of time it took to reboot. And if the good guys had won out over the attackers, forcing them to wait a long time for a reboot could be considered a denial of service attack—or at least downright annoying.

Ideally, Matthew said, if the attackers were only able to induce a clean shutdown—not simply a cold boot—then there needed to be a way to tell Linux to scrub all data out of RAM, so there would be no further need for UEFI to handle it, and thus no need for a very long delay during reboot.

Matthew explained the reasoning behind his patch. He said:

Unfortunately, if an application exits uncleanly, its secrets may still be present in RAM. This can't be easily fixed in userland (eg, if the OOM killer decides to kill a process holding secrets, we're not going to be able to avoid that), so this patch adds a new flag to madvise() to allow userland to request that the kernel clear the covered pages whenever the page reference count hits zero. Since vm_flags is already full on 32-bit, it will only work on 64-bit systems.

Matthew Wilcox liked this plan and offered some technical suggestions for Matthew G's patch, and Matthew G posted an updated version in response.

Go to Full Article

Malicious Python Libraries Discovered on PyPI, Offensive Security Launches the Kali NetHunter App Store, IBM Livestreaming a Panel with Original Apollo 11 Technicians Today, Azul Systems Announces OpenJSSE and Krita 4.2.3 Released

Wednesday 17th of July 2019 02:08:55 PM

News briefs for July 17, 2019.

Malicious Python libraries have been found on the official Python Package Index (PyPI), which contain a hidden backdoor that would activate when installed on Linux systems. According to ZDNet, the three packages are named libpeshnx, libpesh and libari, and they "were authored by the same user (named ruri12) and had been available for download from PyPI for almost 20 months, since November 2017, before the packages were discovered earlier this month by security researchers from ReversingLabs. The PyPI team removed the packages on July 9, the same day ReversingLabs notified the PyPI repo maintainers about their findings." In addition, "None of the three packages ever listed a description, so it's impossible to tell what was their purpose. However, PyPI stats showed that the packages were being regularly downloaded, with tens of monthly installations for each."

Offensive Security, the creators of open-source Kali Linux, has launched the Kali NetHunter App Store, "a new one stop shop for security relevant Android applications. Designed as an alternative to the Google Play store for Android devices, the NetHunter store is an installable catalogue of Android apps for pentesting and forensics". The press release also notes that the NetHunter store is a slightly modified version of F-Droid: "While F-Droid installs its clients with telemetry disabled and asks for consent before submitting crash reports, the NetHunter store goes a step further by removing the entire code to ensure that privacy cannot be accidentally compromised". See the blog post for more details.

IBM to reunite original Apollo 11 mission technicians today for a live panel discussion celebrating the 50th anniversary of the Apollo 11 moon landing. The panel will be available via livestream starting at 2:30pm EDT. From the press release: "Moderated by Dr. John E. Kelly, IBM Executive Vice President, from the Johnson Space Center in Houston, Texas, the panel will reunite veterans of the Apollo 11 mission to share behind-the-scenes details of what it was like to be right in the middle of the action in the lead-up to and during this historic moment in time. The panelists will also look ahead to how the future of artificial intelligence, quantum computing, and other technologies could help us reach new frontiers." The livestream will be available here.

Azul Systems announces it has created OpenJSSE, an open-source implementation of TLS 1.3 for Java SE 8, which is now included in the latest releases of its Zulu Community and Zulu Enterprise products. You can find source code, example use cases and documentation on GitHub.

Krita 4.2.3 was released this morning. This release is mainly a bug fix release, but it does include one new feature: "it is now possible to rotate the canvas with a two-finger touch gesture. This feature was implemented by Sharaf Zaman for his 2019 Google Summer of Code work of porting Krita to Android. The feature also works on other platforms, of course."

News python Security Kali Linux Kali NetHunter App Store Android IBM Java OpenJSSE Krita

When Choosing Your Commercial Linux, Choose Wisely!

Wednesday 17th of July 2019 12:00:00 PM
by Vince Calandra

“Linux is Linux is Linux,” is a direct quote I heard in a meeting I had recently with a major multi-national, critical-infrastructure company. Surprisingly and correctly, there was one intelligent and brave engineering executive who replied to this statement, made by one of his team members, with a resounding, “That’s not true.” Let’s be clear, selecting a commercial Linux is not like selecting corn flakes. This is especially true when you are targeting embedded systems. You must be considering key questions regarding the supplier of the distribution, the criticality of the target application, security and life-cycle support for your product.

Choose Wisely

There is a wonderful scene in the movie Indiana Jones and the Last Crusade when our hero, Indiana, must select the true Holy Grail. Set before him is a multitude of cups ranging from opulent, bejeweled challises to simple clay drinking cups. If you have seen the movie, Indiana reasons out the best choice, and it was a life or death selection. The knight who had been guarding the challises for centuries famously says, “You chose… wisely.” Why bring up this iconic scene? When you are selecting a commercial Linux distribution, you have a multitude of choices all bejeweled with wonderful marketing. The bottom line is that you want to save dollars that you would have otherwise spent on a DIY-Linux approach and ensure the commercial Linux selected fits your particular application. Here are some questions that you will need to keep in mind:

  • Is this for an IT application?

  • Is this for an OT (Operational Technology) application?

  • How long will this system be in the field?

  • What processes and procedures are used by my supplier to cover security vulnerabilities?

  • Can my supplier integrate in other Linux packages that support functionality I need going forward?

This is the short list. Other elements to keep in mind are the specific distribution’s origin and the Open Source community upon which it is based. How important is that specific Linux supplier with regard to the Open Source community upon which the distribution is based? These elements need to be part of the thought process.

I’ll Let My Silicon Choose

Go to Full Article

IBM Announces Three New Open Source Projects for Developing Apps for Kubernetes and the Data Asset eXchange (DAX), the Linux Foundation Is Having a Sysadmin Day Sale, London Launches Open-Source Homebuilding App and Clonezilla Live 2.6.2-15 Released

Tuesday 16th of July 2019 01:55:59 PM

News briefs for July 16, 2019.

IBM this morning announces three new open-source projects that "make it faster and easier for you to develop and deploy applications for Kubernetes". Kabanero "integrates the runtimes and frameworks that you already know and use (Node.js, Java, Swift) with a Kubernetes-native DevOps toolchain". Appsody "gives you pre-configured stacks and templates for a growing set of popular open source runtimes and frameworks, providing a foundation on which to build applications for Kubernetes and Knative deployments". And Codewind "provides extensions to popular integrated development environments (IDEs) like VS Code, Eclipse, and Eclipse Che (with more planned), so you can use the workflow and IDE you already know to build applications in containers."

IBM also today announces the Data Asset eXchange (DAX), which is "an online hub for developers and data scientists to find carefully curated free and open datasets under open data licenses". The press release notes that whenever possible, "datasets posted on DAX will use the Linux Foundation's Community Data License Agreement (CDLA) open data licensing framework to enable data sharing and collaboration. Furthermore, DAX provides unique access to various IBM and IBM Research datasets. IBM plans to publish new datasets on the Data Asset eXchange regularly. The datasets on DAX will integrate with IBM Cloud and AI services as appropriate."

In honor of Sysadmin Day, the Linux Foundation is offering all IT certification and prep course bundles for $325 each, along with a bonus course valued at $299 and a free Linux Foundation ball cap. The sale runs today until July 26th.

The city of London launches an open-source app for homebuilding. Arch News reports that "The freely-available app, titled PRISM, is aimed at the design and construction of high-quality, factory-built homes to address the current demand of 50,000+ houses per year."

Clonezilla live (2.6.2-15) was released recently. This release include major enhancements and bug fixes. The Linux kernel was updated to 4.19.37-5, the underling OS is based on the Debian Sid repository (as of 2019/Jul/07), the mechanism to update uEFI nvram boot entry was improved, and much more. The Clonezilla live 2.6.2-15 download link is here.

News IBM Kubernetes DevOps Open Data The Linux Foundation Clonezilla

Arduino from the Command Line: Break Free from the GUI with Git and Vim!

Tuesday 16th of July 2019 11:30:00 AM
by Matthew Hoskins

Love Arduino but hate the GUI? Try arduino-cli.

In this article, I explore a new tool released by the Arduino team that can free you from the existing Java-based Arduino graphical user interface. This allows developers to use their preferred tools and workflow. And perhaps more important, it'll enable easier and deeper innovation into the Arduino toolchain itself.

The Good-Old Days

When I started building hobby electronics projects with microprocessors in the 1990s, the process entailed a discrete processor, RAM, ROM and masses of glue logic chips connected together using a point-to-point or "wire wrapping" technique. (Look it up kids!) Programs were stored on glass-windowed EPROM chips that needed to be erased under UV light. All the tools were expensive and difficult to use, and development cycles were very slow. Figures 1–3 show some examples of my mid-1990s microprocessor projects with discrete CPU, RAM and ROM. Note: no Flash, no I/O, no DACs, no ADCs, no timers—all that means more chips!

Figure 1. Example Mid-1990s Microprocessor

Figure 2. Example Mid-1990s Microprocessor

Figure 3. Example Mid-1990s Microprocessor

It all changed in 2003 with Arduino.

The word "Arduino" often invokes a wide range of opinions and sometimes emotion. For many, it represents a very low bar to entry into the world of microcontrollers. This world before 2003 often required costly, obscure and closed-source development tools. Arduino has been a great equalizer, blowing the doors off the walled garden. Arduino now represents a huge ecosystem of hardware that speaks a (mostly) common language and eases transition from one hardware platform to another. Today, if you are a company that sells microcontrollers, it's in your best interest to get your dev boards working with Arduino. It offers a low-friction path to getting your products into lots of hands quickly.

It's also important to note that Arduino's simplicity does not inhibit digging deep into the microcontroller. Nothing stops you from directly twiddling registers and using advanced features. It does, however, decrease your portability between boards.

Go to Full Article

Q4OS 3.8 Stable Released, Kernel 5.2.1 Is Out, Cloudera Announces New Open-Source Licensing Model, Microsoft's Quantum Development Kit Now Available as an Open-Source Project on GitHub and Alan Turing to Be Featured on New Note in the UK

Monday 15th of July 2019 01:59:41 PM

News briefs for July 15, 2019.

Q4OS 3.8 stable was released today. This is a long-term support (LTS) release based on Debian Buster 10 with Plasma 5.14 and optionally Trinity 14.0.6 for desktop environments. Its primary aim is stability, and it's code-named Centaurus. It's available for 64bit and 32bit/i686pae computers, and also for older i386 systems without PAE extension. Support for ARM devices is in the works. Go here to download.

Linux kernel 5.2.1 was released yesterday. Greg Kroah-Hartman writes, "All users of the 5.2 kernel series must upgrade. The updated 5.2.y git tree can be found at: git:// linux-5.2.y and can be browsed at the normal git web browser:;a=summary."

Cloudera recently announced an new open-source licensing model. The company's Vision blog post states that the new strategy "aligns the licensing models previously used by each of Hortonworks and Cloudera and also introduces some new changes. We take our open source leadership role seriously, and recognize that our need to align our own licenses is also an opportunity to lead and to renew our commitment to open source software." Moving forward all of the company's open-source licenses "will adhere to one of two OSI approved licenses: the Apache License, Version 2, or the GNU Affero General Public License, Version 3 ('AGPL')". The post also notes Cloudera's open-source goals: "freedom from vendor lock-in", "community standards, not Cloudera standards" and "open ecosystem". See the Cloudera Licensing Policy FAQ for more details.

Microsoft's Quantum Development Kit is now available as an open source project on GitHub. According to Windows Central, "The QDK, which launched in preview last year, gives developers access to the Q# programming language, quantum simulators, and the libraries needed to start experimenting with quantum computing before it goes mainstream." See also the Microsoft Quantum blog for more information.

The Bank of England has announced that Alan Turing will be on the new £50 note in the UK. Gizmodo quotes Bank of England Governor Mark Carney: "Why Turing? Turing was an outstanding mathematician whose works had an enormous impact on how we live today. As the father of computer science and artificial intelligence, Alan Turing's contributions were far-ranging and path-breaking. His genius lay in a unique ability to link the philosophical and the abstract with the practical and the concrete. And all around us his legacy continues to build. Turing is a giant on whose shoulders so many now stand."

News Q4OS Distributions Debian kernel Cloudera open source licensing Microsoft Quantum Computing Alan Turing

An AI Wizard of Words

Monday 15th of July 2019 11:00:00 AM
by Marcel Gagné

A look at using OpenAI's Generative Pretrained Transformer 2 (GPT-2) to generate text.

It's probably fair to say that there's more than one person out there who is worried about some version of artificial intelligence, or AI, possibly in a robot body of some kind, taking people's jobs. Anything that is repetitive or easily described is considered fair game for a robot, so driving a car or working in a factory is fair game.

Until recently, we could tell ourselves that people like yours truly—the writers and those who create things using some form of creativity—were more or less immune to the march of the machines. Then came GPT-2, which stands for Generative Pretrained Transformer 2. I think you'll agree, that isn't the sexiest name imaginable for a civilization-ending text bot. And since it's version 2, I imagine that like Star Trek's M-5 computer, perhaps GPT-1 wasn't entirely successful. That would be the original series episode titled, "The Ultimate Computer", if you want to check it out.

So what does the name "GPT-2" stand for? Well, "generative" means pretty much what it sounds like. The program generates text based on a predictive model, much like your phone suggests the next word as you type. The "pretrained" part is also quite obvious in that the model released by OpenAI has been built and fine-tuned for a specific purpose. The last word, "Transformer", refers to the "transformer architecture", which is a neural network design architecture suited for understanding language. If you want to dig deeper into that last one, I've included a link from a Google AI blog that compares it to other machine learning architecture (see Resources).

On February 14, 2019, Valentine's Day, OpenAI released GPT-2 with a warning:

Our model, called GPT-2 (a successor to GPT), was trained simply to predict the next word in 40GB of Internet text. Due to our concerns about malicious applications of the technology, we are not releasing the trained model. As an experiment in responsible disclosure, we are instead releasing a much smaller model for researchers to experiment with, as well as a technical paper.

I've included a link to the blog in the Resources section at the end of this article. It's worth reading partly because it demonstrates a sample of what this software is capable of using the full model (see Figure 1 for a sample). We already have a problem with human-generated fake news; imagine a tireless machine capable of churning out vast quantities of news and posting it all over the internet, and you start to get a feel for the dangers. For that reason, OpenAI released a much smaller model to demonstrate its capabilities and to engage researchers and developers.

Go to Full Article

Google Announces Docsy; KDE Releases Applications 19.04.3, Plasma 5.16.3 and Kdenlive 19.04.3; Alpine Linux 3.10.1 Is Now Available; and Valve Launches Steam Labs

Friday 12th of July 2019 02:03:35 PM

News briefs for July 12, 2019.

Google yesterday announced Docsy, a website theme for technical documentation. From the Google blog post: "Docsy builds on existing open source tools, like Hugo, and our experience with open source docs, providing a fast and easy way to stand up an OSS documentation website with features specifically designed to support technical documentation. Special features include everything from site navigation to multi-language support—with easy site deployment options provided by Hugo. We also created guidance on how to add additional pages, structure your documentation, and accept community contributions, all with the goal of letting you focus on creating great content."

Several KDE releases came this week. KDE Applications 19.04.3 was released yesterday. This release contains more than 60 bugfixes and translation updates. See the full changelog for details.

KDE Plasma 5.16.3 also was released. This update comes just two weeks after the 5.16 release and contains several bugfixes and new translations. See the full Changelog for specifics.

And, Kdenlive 19.04.3 was released today. This release contains a ton of fixes, including "fixing compositing and speed effect regressions, thumbnail display issues of clips in the timeline and many Windows fixes. You can get the AppImage from the download page.

Alpine Linux 3.10.1 has been released. See the git log for the full list of changes in this version of the security-oriented lightweight distro.

Valve has launched Steam Labs, which gives users a peek at new experiments in development. According to TechCrunch, "Valve is quick to point out that all of these experiments are just that—there's no promising that any of the stuff that hits the Labs will make it all the way to the official client. They also say that even 'Steam Labs is itself an experiment', which will probably change and evolve a bunch over time." The first three experiments on Steam Labs are Micro Trailers, Interactive Recommender and Automatic Show.

News Google Docsy KDE Plasma Alpine Linux

GIS on Linux with SAGA

Friday 12th of July 2019 12:00:00 PM
by Joey Bernard

In this article, I want to look at a GIS option available for Linux—specifically, a program called SAGA (System for Automated Geoscientific Analyses). SAGA was developed at the Department of Physical Geography in Germany. It is built with a plugin module architecture, where various functions are provided by individual modules. A very complete API is available to allow users to extend SAGA's functionality with newly written modules. I take a very cursory look at SAGA here and describe a few things you might want to do with it.

Installing SAGA should be as easy as looking at the software repository for your favourite distribution. For Debian-based distros, you can install it with the command:

sudo apt-get install saga

When you first start it, you get a blank workspace where you can begin your project.

Figure 1. SAGA starts up with a central project window, several tool panes on the left and console messages at the bottom.

Two major categories of data sets are available that you can use within your projects: satellite imagery and terrain data. The tutorial website provides detailed walk-throughs that show how you can get access to these types of data sets for use in your own projects. The tutorial website also has sections on some of the processing tools available for doing more detailed analysis.

SAGA understands several data file formats. The typical ones used in GIS, like SHP files or point clouds, are the default options in the file selector window. You can work with these types of data, or satellite imagery or terrain data.

Let's start by looking at terrain analysis in SAGA. You'll need digital elevation data, in DEM format, which is available from the SRTM Tile Grabber site. You will get a zip file for each region you select, and these zip files contain geotiff files for the selected regions.

Load the geotiff file by clicking File→Open. By default, it will show only the common project file formats. To locate your downloaded geotiff files, you'll need to change the filter at the bottom of the file selector window to be all files. Once it is loaded, it will show up in the list of data sources in the bottom-left window pane.

Figure 2. You can load data sources, such as geotiffs, into your project.

Go to Full Article

EFF Celebrating 29th Birthday with $20 Membership, Linode Launches New GPU-Optimized Cloud Computing Instances, Syncthing 1.2.0 Released, Kali Linux Now Available for RPi 4 and GNOME Devs to Disable Snap Plugin for GNOME Software

Thursday 11th of July 2019 01:34:22 PM

News briefs for July 11, 2019.

The Electronic Frontier Foundation is celebrating its 29th birthday "by building a future where tech respects and empowers users". From now until July 24, 2019, the EFF is offering a $20 membership, which includes a set of limited-edition enamel pins. (Note also that the EFF is a US 501(c)(3) nonprofit, so contributions are tax-deductible as allowed by law.)

Linode yesterday launched new GPU-optimized cloud computing instances, specifically for developers and business that need massive parallel computational power. From the press release: "The new instances are built on NVIDIA Quadro RTX 6000 GPU cards with all three major types of processing cores (CUDA, Tensor, and Real-Time Ray Tracing) available to users. Linode is one of the first cloud providers to deploy NVIDIA's latest GPU architecture." For more information, see

Syncthing 1.2.0 was released recently. Linux Uprising reports that this version of the open-source peer-to-peer synchronization tool "adds QUIC with NAT traversal as a new transport protocol, fixes some bugs and enables automatic error reporting." The article notes Syncthing's emphasis on privacy: "None of your data is ever store anywhere else other than your own computers (no central server); all communication is secured using TSL and authenticated using a strong cryptographic certificate. Basically, it can replace Dropbox and other similar services with something decentralized, where your data is your data alone." Go here to download.

Kali Linux for Raspberry Pi 4 was released recently, "complete with on-board wifi monitor mode & frame injection support!" You can download it from the Kali Linux ARM Images page. Currently there is support only for 32-bit, but 64-bit is coming soon.

GNOME developers plan to disable the Snap plugin for GNOME Software, as Canonical has started creating its own Snap Store and won't be using GNOME Software in Ubuntu 20.04 LTS. According to Phoronix, "Canonical's in-development Snap Store will obviously be focused just on their own Snap effort and not supporting the likes of Flatpak. Due to the likelihood that the GNOME Software Snap plug-in will quickly suffer from bit-rot and pose a maintenance burden to GNOME developers with little to no return, it's certainly reasonable that they would at least disable this plug-in."

News eff Linode Syncthing Kali Linux Raspberry Pi GNOME Canonical

Linux IoT Development: Adjusting from a Binary OS to the Yocto Project Workflow

Thursday 11th of July 2019 11:30:00 AM
by Mirza Krak

Introducing the Yocto Project and the benefits of using it in embedded Linux development.

In embedded Linux development, there are two approaches when it comes to what operating system to run on your device. You either build your own distribution (with tools such as Yocto/OpenEmbedded-Core, Buildroot and so on), or you use a binary distribution where Debian and derivatives are common.

It's common to start out with a binary distribution. This is a natural approach, because it's a familiar environment for most people who have used Linux on a PC. All the commodities are in place, and someone else has created the distribution image for you to download. There normally are custom vendor images for specific hardware that contain optimizations to make it easy to get started to utilize your hardware fully.

Any package imaginable is an apt install command away. This, of course, makes it suitable for prototyping and evaluation, giving you a head start in developing your application and your product. In some cases, you even might ship pre-series devices using this setup to evaluate your idea and product further. This is referred to as the "golden image" approach and involves the following steps:

  1. Flash the downloaded Debian image to an SD card.
  2. Boot the SD card, log in and make any modifications needed (for example, installing custom applications). Once all the modifications are complete, this becomes your golden image.
  3. Duplicate the SD card into an image on your workstation (for example, using dd).
  4. Flash the "golden image" to a fleet of devices.

And every time you need to make a change, you just repeat steps 2–4, with one change—that is, you boot the already saved "golden image" in step 2 instead of the "vanilla" image.

At a certain point, the approach of downloading a pre-built distribution image and applying changes to it manually will become a problem, as it does not scale well and is error-prone due to the amount of manual labor that can lead to inconsistent output. The optimization would be to find ways to automate this, generating distribution images that contain your applications and your configuration in a reproducible way.

This is a crossroad where you decide either to stick with a binary distribution or move your idea and the result of the evaluation and prototyping phase to a tool that's able to generate custom distributions and images in a reproducible and automated way.

Go to Full Article

Samba 4.11.0rc1 Released, Firefox 68.0esr Now Available, SPI Board Elections, Microsoft Admitted to linux-distro List and SoftMaker FreeOffice Now Includes Anniversary Update

Wednesday 10th of July 2019 02:01:32 PM

News briefs for July 10, 2019.

Samba 4.11.0rc1 was released yesterday. Note that this release is for testing purposes only and not intended for production. New features include default samba process model, authentication logging, LDAP referrals, Bind9 logging, samba-tool improvements and much more. See the full Release Notes for more information, and go here to download the source code.

Mozilla released the latest Firefox update for iOS and Desktop. Highlights of Firefox 68.0esr include blackout shades for Firefox Reader View, Firefox Recommended Extensions (a curated "list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness"), more customization for IT Pros and more. See the Release Notes for more details.

SPI board elections coming soon. The announcement notes there are three seats available for the Software in the Public Interest board, each for a three-year term: President and two General board member seats. Nominations are open now and end July 15th, 2019. Voting begins July 17th and ends July 30th, and the results will be announced on July 31st. From the announcement: "The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI."

Microsoft has been admitted to the closed linux-distro list. ZDNet reports that "Microsoft wanted in because, while Windows sure isn't Linux, the company is, in fact, a Linux distributor. Sasha Levin, a Microsoft Linux kernel developer, pointed out Microsoft has several distro-like builds -- which are not derivative of an existing distribution—that are based on open-source components." The ZDNet article also noted that open-source security expert David A. Wheeler supported the decision as "the purpose of the list is to enable 'everyone to coordinate so that users get fixes.' That includes Linux users on Windows and Azure. So, he supported Microsoft being allowed into the private list."

SoftMaker FreeOffice now includes the Anniversary update. This new version has many new features for the TextMaker word processor and spreadsheets, and improved user-friendliness. See the press release for details on the office suite's update, and go here to download.

News Samba Mozilla Firefox SPI Microsoft Security FreeOffice SoftMaker office suite

Address Space Isolation and the Linux Kernel

Wednesday 10th of July 2019 11:30:00 AM
by Zack Brown

Mike Rapoport from IBM launched a bid to implement address space isolation in the Linux kernel. Address space isolation emanates from the idea of virtual memory—where the system maps all its hardware devices' memory addresses into a clean virtual space so that they all appear to be one smooth range of available RAM. A system that implements virtual memory also can create isolated address spaces that are available only to part of the system or to certain processes.

The idea, as Mike expressed it, is that if hostile users find themselves in an isolated address space, even if they find bugs in the kernel that might be exploited to gain control of the system, the system they would gain control over would be just that tiny area of RAM to which they had access. So they might be able to mess up their own local user, but not any other users on the system, nor would they be able to gain access to root level infrastructure.

In fact, Mike posted patches to implement an element of this idea, called System Call Isolation (SCI). This would cause system calls to each run in their own isolated address space. So if, somehow, an attacker were able to modify the return values stored in the stack, there would be no useful location to which to return.

His approach was relatively straightforward. The kernel already maintains a "symbol table" with the addresses of all its functions. Mike's patches would make sure that any return addresses that popped off the stack corresponded to entries in the symbol table. And since "attacks are all about jumping to gadget code which is effectively in the middle of real functions, the jumps they induce are to code that doesn't have an external symbol, so it should mostly detect when they happen."

The problem, he acknowledged, was that implementing this would have a speed hit. He saw no way to perform and enforce these checks without slowing down the kernel. For that reason, Mike said, "it should only be activated for processes or containers we know should be untrusted."

There was not much enthusiasm for this patch. As Jiri Kosina pointed out, Mike's code was incompatible with other security projects like retpolines, which tries to prevent certain types of data leaks falling into an attacker's hands.

There was no real discussion and no interest was expressed in the patch. The combination of the speed hit, the conflict with existing security projects, and the fact that it tried to secure against only hypothetical security holes and not actual flaws in the system, probably combined to make this patch set less interesting to kernel developers.

Go to Full Article

IBM Closes Red Hat Acquisition, Kaidan 0.4.0 Released, Android Apps Can Track You Even If You Deny Permission, Debian Edu 10 "Buster" Now Available and MIT Researchers Create New AI Programming Language

Tuesday 9th of July 2019 01:45:57 PM

News briefs for July 9, 2019.

IBM closes its acquisition of Red Hat for $34 billion. From the press release: "The acquisition redefines the cloud market for business. Red Hat's open hybrid cloud technologies are now paired with the unmatched scale and depth of IBM's innovation and industry expertise, and sales leadership in more than 175 countries. Together, IBM and Red Hat will accelerate innovation by offering a next-generation hybrid multicloud platform. Based on open source technologies, such as Linux and Kubernetes, the platform will allow businesses to securely deploy, run and manage data and applications on-premises and on private and multiple public clouds." In addition, the release notes that IBM will preserve Red Hat's independence and neutrality, and also that "Red Hat's unwavering commitment to open source remains unchanged".

Kaidan 0.4.0 has been released. This version of the "user-friendly Jabber/XMPP client" comes after a year and a half of development and now includes "multiplatform-support for all common operating systems like Linux, Windows, Android and macOS". See the ChangeLog for all the details.

Android apps can track your phone even if you deny permissions. According to The Verge, "researchers say that thousands of apps have found ways to cheat Android's permissions system, phoning home your device's unique identifier and enough data to potentially reveal your location as well." The article notes that even if you deny permission to one app, "a second app with permissions you have approved can share those bits with the other one or leave them in shared storage where another app—potentially even a malicious one—can read it. The two apps might not seem related, but researchers say that because they're built using the same software development kits (SDK), they can access that data, and there's evidence that the SDK owners are receiving it. It's like a kid asking for dessert who gets told 'no' by one parent, so they ask the other parent."

Debian has released Debian Edu (also known as Skolelinux) 10 "Buster". This distro is "based on Debian providing an out-of-the box environment of a completely configured school network". The Debian Edu developer team is asking users to test and report any issues back to, so they can continue to improve it. See the Debian Edu Wiki page for a list of all the new features and updates.

MIT researchers used Julia to create Gen, "a new probabilistic programming system with programmable inference". From MIT News: "Users write models and algorithms from multiple fields where AI techniques are applied—such as computer vision, robotics, and statistics—without having to deal with equations or manually write high-performance code. Gen also lets expert researchers write sophisticated models and inference algorithms—used for prediction tasks—that were previously infeasible." The article also notes that "Due to its simplicity—and, in some use cases, automation—the researchers say Gen can be used easily by anyone, from novices to experts."

News IBM Red Hat Cloud Kaidan Android Privacy Debian Education Debian Edu Julia AI

What Really IRCs Me: Mastodon

Tuesday 9th of July 2019 12:00:00 PM
by Kyle Rankin

Learn how to use the Mastodon social network platform from the comfort of your regular IRC client.

When it comes to sending text between people, I've found IRC (in particular, a text-based IRC client) works best. I've been using it to chat for decades while other chat protocols and clients come and go. When my friends have picked other chat clients through the years, I've used the amazing IRC gateway Bitlbee to connect with them on their chat client using the same IRC interface I've always used. Bitlbee provides an IRC gateway to many different chat protocols, so you can connect to Bitlbee using your IRC client, and it will handle any translation necessary to connect you to the remote chat clients it supports. I've written about Bitlbee a number of times in the past, and I've used it to connect to other instant messengers, Twitter and Slack. In this article, I describe how I use it to connect to yet another service on the internet: Mastodon.

Like Twitter, Mastodon is a social network platform, but unlike Twitter, Mastodon runs on free software and is decentralized, much like IRC or email. Being decentralized means it works similar to email, and you can create your own instance or create an account on any number of existing Mastodon networks and then follow people either on the same Mastodon network or any other instance, as long as you know the person's user name (which behaves much like an email address).

I've found Bitlbee to be a great interface for keeping track of social media on Twitter, because I treat reading Twitter like I was the operator for a specific IRC room. The people I follow are like those I've invited and given voice to, and I can read what they say chronologically in my IRC room. Since I keep my IRC instance running at all times, I can reconnect to it and catch up with the backlog whenever I want. Since I'm reading Twitter over a purely text-based IRC client, this does mean that instead of animated gifs, I just see URLs that point to the image, but honestly, I consider that a feature!

Since Mastodon behaves in many ways like Twitter, using it with Bitlbee works just as well. Like with Twitter over Bitlbee, it does mean you'll need to learn some extra commands so that you can perform Mastodon-specific functions, like boosting a post (Mastodon's version of retweet) or replying to a post so that your comment goes into the proper thread. I'll cover those commands in a bit.

Installing the Mastodon Bitlbee Plugin

The first step is to install the Mastodon Bitlbee Plugin. This plugin is already packaged for Debian and other distributions—look for the bitlbee-mastodon package. In that case, you can just install it with your package manager. Otherwise, you'll need to clone the source code from the plugin's git repo and build it from source:

Go to Full Article

More in Tux Machines

Devices Leftovers

  • Khadas VIM3L (Amlogic S905D3) Benchmarks, Settings & System Info

    Khadas VIM3L is the first Amlogic S905D3 SBC on the market and is sold as a lower-cost alternative to the company’s VIM3 board with a focus on the HTPC / media player market.

  • Semtech SX1302 LoRa Transceiver to Deliver Cheaper, More Efficient Gateways
  • In-vehicle computer supports new MaaS stack

    Axiomtek’s fanless, rugged “UST100-504-FL” automotive PC runs Ubuntu 18.04 or Windows on 6th or 7th Gen Intel chips, and offers SATA, HDMI, 2x GbE, 4x USB 3.0, 3x mini-PCIe, a slide-rail design, and the new AMS/AXView for MaaS discovery. Axiomtek announced a rugged in-vehicle PC that runs Ubuntu 18.04, Windows 10, or Windows 7 on Intel’s Skylake or Kaby Lake processors. The UST100-504-FL is aimed at “in-vehicle edge computing and video analytics applications,” and is especially suited for police and emergency vehicles, says Axiomtek. There’s also a new Agent MaaS Suite (AMS) IoT management suite available (see farther below).

  • Google Launches the Pixel 4 with Android 10, Astrophotography, and Motion Sense

    Google officially launched today the long rumored and leaked Pixel 4 smartphone, a much-needed upgrade to the Pixel 3 and 3a series with numerous enhancements and new features. The Pixel 4 smartphone is finally here, boasting upgraded camera with astrophotography capabilities so you can shoot the night sky and Milky Way without using a professional camera, a feature that will also be ported to the Pixel 3 and 3a devices with the latest camera app update, as well as Live HDR+ support for outstanding photo quality.

  • Repurposing A Toy Computer From The 1990s

    Our more youthful readers are fairly likely to have owned some incarnation of a VTech educational computer. From the mid-1980s and right up to the present day, VTech has been producing vaguely laptop shaped gadgets aimed at teaching everything from basic reading skills all the way up to world history. Hallmarks of these devices include a miserable monochrome LCD, and unpleasant membrane keyboard, and as [HotKey] found, occasionally a proper Z80 processor. [...] After more than a year of tinkering and talking to other hackers in the Z80 scene, [HotKey] has made some impressive headway. He’s not only created a custom cartridge that lets him load new code and connect to external devices, but he’s also added support for a few VTech machines to z88dk so that others can start writing their own C code for these machines. So far he’s created some very promising proof of concept programs such as a MIDI controller and serial terminal, but ultimately he hopes to create a DOS or CP/M like operating system that will elevate these vintage machines from simple toys to legitimate multi-purpose computers.

today's howtos

Audiocasts/Shows/Screencasts: FLOSS Weekly, Containers, Linux Headlines, Arch Linux Openbox Build and GhostBSD 19.09

  • FLOSS Weekly 551: Kamailio

    Kamailio is an Open Source SIP Server released under GPL, able to handle thousands of call setups per second. Kamailio can be used to build large platforms for VoIP and realtime communications – presence, WebRTC, Instant messaging and other applications.

  • What is a Container? | Jupiter Extras 23

    Containers changed the way the IT world deploys software. We give you our take on technologies such as docker (including docker-compose), Kubernetes and highlight a few of our favorite containers.

  • 2019-10-16 | Linux Headlines

    WireGuard is kicked out of the Play Store, a new Docker worm is discovered, and Mozilla unveils upcoming changes to Firefox.

  • Showing off my Custom Arch Linux Openbox Build
  • GhostBSD 19.09 - Based on FreeBSD 12.0-STABLE and Using MATE Desktop 1.22

    GhostBSD 19.09 is the latest release of GhostBSD. This release based on FreeBSD 12.0-STABLE while also pulling in TrueOS packages, GhostBSD 19.09 also has an updated OpenRC init system, a lot of unnecessary software was removed, AMDGPU and Radeon KMS is now valid xconfig options and a variety of other improvements and fixes.

MX-19 Release Candidate 1 now available

We are pleased to offer MX-19 RC 1 for testing purposes. As usual, this iso includes the latest updates from debian 10.1 (buster), antiX and MX repos. Read more