Language Selection

English French German Italian Portuguese Spanish

Linux Journal

Syndicate content
Updated: 1 hour 12 min ago

Signing Git Commits

Thursday 16th of May 2019 12:00:00 PM
by Kyle Rankin

Protect your code commits from malicious changes by GPG-signing them.

Often when people talk about GPG, they focus on encryption—GPG's ability to protect a file or message so that only someone who has the appropriate private key can read it. Yet, one of the most important functions GPG offers is signing. Where encryption protects a file or message so that only the intended recipient can decrypt and read it, GPG signing proves that the message was sent by the sender (whomever has control over the private key used to sign) and has not been altered in any way from what the sender wrote.

Without GPG signing, you could receive encrypted email that only you could open, but you wouldn't be able to prove that it was from the sender. But, GPG signing has applications far beyond email. If you use a modern Linux distribution, it uses GPG signatures on all of its packages, so you can be sure that any software you install from the distribution hasn't been altered to add malicious code after it was packaged. Some distributions even GPG-sign their ISO install files as a stronger form of MD5sum or SHA256sum to verify not only that the large ISO downloaded correctly (MD5 or SHA256 can do that), but also that the particular ISO you are downloading from some random mirror is the same ISO that the distribution created. A mirror could change the file and generate new MD5sums, and you may not notice, but it couldn't generate valid GPG signatures, as that would require access to the distribution's signing key.

Why Sign Git Commits

As useful as signing packages and ISOs is, an even more important use of GPG signing is in signing Git commits. When you sign a Git commit, you can prove that the code you submitted came from you and wasn't altered while you were transferring it. You also can prove that you submitted the code and not someone else.

Being able to prove who wrote a snippet of code isn't so you know who to blame for bugs so the person can't squirm out of it. Signing Git commits is important because in this age of malicious code and back doors, it helps protect you from an attacker who might otherwise inject malicious code into your codebase. It also helps discourage untrustworthy developers from adding their own back doors to the code, because once it's discovered, the bad code will be traced to them.

How to Sign Git Commits

The simplest way to sign Git commits is by adding the -S option to the git commit command. First, figure out your GPG key ID with:

Go to Full Article

Nextcloud Partners with Nitrokey, Unauthorized Version of Arch Linux Available from the Microsoft Store, VirtualBox 6.0.8 Released, Help Test Plasma Theme Switching and Intel Announces Major Clear Linux Update

Wednesday 15th of May 2019 02:03:50 PM

News briefs for May 15, 2019.

Nextcloud this morning announced a new partnership with Nitrokey, maker of highly secure, open-source encryption USB keys. From the press release: "The Nitrokey Pro 2 and Nitrokey Storage 2 devices have been verified to work easily with Nextcloud's one-time passwords for secure two-factor authentication (2FA). This protects users' accounts in the event of compromised passwords. Furthermore the USB keys feature a password manager, a cryptographic key store for email encryption and SSH administration. In addition the Nitrokey Storage 2 contains an encryption mass storage drive with the option of hidden volumes." In addition, Nextcloud and Nitrokey will explore further collaboration "especially in the area of end-to-end encryption and secure storage of cryptographic keys". See the Nextcloud blog for more details.

An unauthorized version of Arch Linux for WSL is now available from the Microsoft Store. Bleeping Computer reports that "an Arch Linux team member has also pointed out that the distribution on the Microsoft Store added an unknown repository to the pacman.conf file, so if you install packages through it, it is not known if they have been tampered with."

VirtualBox 6.0.8 has been released. According to Softpedia News, this is a maintenance and stability release, but it does fix some important problems, such as saved state resume failures and mouse click pass-through issues. For Linux platforms, this release also adds "support for shared folders on systems powered by Linux kernel 3.16.35 LTS, support for correctly handling the read-only flag of shared folders, and support for successfully building the VirtualBox kernel module in both non-default and debug build setups." See the full changelog for more information.

KDE needs your help with testing Plasma Theme switching: "Please get one of the Live images with latest code from the Plasma developers hands (or if you build manually yourself from master branches, last night's code should be fine) and give the switching of Plasma Themes a good test, so we can be sure things will work as expected on arrival of Plasma 5.16: KDE neon Unstable Edition and openSUSE Krypton. If you find glitches, please report them here in the comments, or better on the #plasma IRC channel.

Intel announces a major update to Clear Linux and a new developer edition. ZDNet reports that "In the new developer edition, besides giving developers a Linux designed to make the most of Intel hardware, its basic programmer bundles are curated to provide all the relevant developer tools with one installation command." With this update, Clear Linux also includes "Intel hardware optimized programmer software stacks for Deep Learning and Data Analytics".

News Nextcloud Security Nitrokey Privacy Arch Linux Microsoft VirtualBox KDE Plasma Intel Clear Linux

Puppet Redefines Infrastructure Automation

Wednesday 15th of May 2019 11:30:00 AM
by Petros Koutoupis

Puppet has long been regarded as nothing more than an open-source software configuration management tool. The company has become a standard for automating the delivery and operation of the software that powers everything around us. Well, this is about to change. Puppet has evolved and has positioned itself to tackle enterprise-grade problems. All of this and more, was announced on May 2, 2019.

So what makes this announcement so exciting? I sat down with Matt Waxman, Puppet's Head of Products to learn more.

Petros Koutoupis: Please introduce yourself to our readers.

Matt Waxman: I have been the Head of Products at Puppet since 2017. I have been in the Product space for at least 20 years, largely focused on infrastructure. Before coming to Puppet, I was in data storage backup, replication and disaster recovery. I am the guy who deals with roadmaps and user experience across our product portfolio.

Petros: What can you tell us about this announcement?

Matt Waxman: Automation of more than just the state of your virtual machines, containers and so on is extremely important. How do you enable more teams? It is all about service, safety and quality of delivery. This is what we are doing with Puppet to serve those exact needs. And with our latest release 2019.1, we simplify the experience in automation to meet those demands.

We enhanced our agentless and agent-based capabilities, such as supporting the automation of network devices (for example, Cisco and Palo Alto) and giving users the ability to automate anything and anywhere quickly, efficiently, safely and at scale. But some of our most notable changes are centered around our agentless task runner, Bolt. We introduced it about a year and a half ago. Bolt is an automation tool built to automate anything in your infrastructure without the hassle. It was very well received by the Open Source community. What is new here though is we have found that more and more customers and users are starting to automate from a development perspective. Developers have a constant need to stand up an infrastructure quickly for both testing and support. Not only did we make Bolt more user-friendly for the broader community, but we also added YAML support.

Petros: Why is this announcement so exciting?

Matt Waxman: The demand for infrastructure-focused automation is growing, and many companies are unable to scale to meet that demand. With release 2019.1, we made a lot of investment in not only addressing this challenge but also in simplifying the experience.

Go to Full Article

Update WhatsApp Now, Adobe Warning Creative Cloud Users with Older Apps, Kernels Older than 5.0.8 Are Vulnerable to Remote Code Execution, Schools in Kerala Choose Linux and MakeOpenStuff Is Launching the HestiaPi Touch Smart Thermostat

Tuesday 14th of May 2019 01:55:39 PM

News briefs for May 14, 2019.

A vulnerability in WhatsApp allows spyware to be installed from a single unanswered phone call. The Verge reports that the "spyware, developed by Israel's secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. Once installed, the spyware can turn on a phone's camera and mic, scan emails and messages, and collect the user's location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole."

Adobe warns Creative Cloud users with older apps. According to Engadget, "The software company has sent out emails to customers warning them of being "at risk of potential claims of infringement by third parties" if they continue using outdated versions of CC apps, including Photoshop and Lightroom. These emails even list the old applications installed on the subscribers' systems, and in some cases, they mention what the newest available versions are." Users are being told they are no longer licensed to use the apps and that they need to update to the latest authorized version.

Linux systems running distros with kernels older than 5.0.8 are vulnerable to remote code execution. From Bleeping Computer: "Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines. The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system." The vulnerability is being tracked as CVE-2019-11815.

Schools in the Indian state of Kerala have chosen Linux as their OS, which will save them roughly $428 million. According to It's FOSS, Kerala is "the first 100% literate Indian state". IT classes have been mandatory since 2003, and the schools started adopting free and open-source software a few years later, with the plan of getting rid of proprietary software in the schools. "As a result, the state claimed to save around $50 million per year in licensing costs in 2015. Further expanding their open source mission, Kerala is going to put Linux with open source educational software on over 200,000 school computers."

MakeOpenStuff is launching a Crowd Supply campaign for HestiaPi Touch, "an open source, smart thermostat for controlling HVAC and water systems". Linux Gizmos writes that the thermostat "runs a Linux-based openHAB stack on an RPI Zero W along with relays, a 3.5-inch display, and temperature, humidity, and pressure sensors". The HestiaPi Touch will cost $95 (without a case) or $145 (with case), and it's expected to ship in October or November. Linux Gizmos notes that "The hackable device competes directly with the $249 Google Nest Learning Thermostat. Unlike the Nest devices, it does not require a cloud connection thereby ensuring privacy and offering full control to the user."

News Security WhatsApp Adobe kernel Education HestiPi Touch Raspberry Pi Privacy

CGroup Interactions

Tuesday 14th of May 2019 12:00:00 PM
by Zack Brown

CGroups are under constant development, partly because they form the core of many commercial services these days. An amazing thing about this is that they remain an unfinished project. Isolating and apportioning system elements is an ongoing effort, with many pieces still to do. And because of security concerns, it never may be possible to present a virtual system as a fully independent system. There always may be compromises that have to be made.

Recently, Andrey Ryabinin tried to fix what he felt was a problem with how CGroups dealt with low-memory situations. In the current kernel, low-memory situations would cause Linux to recuperate memory from all CGroups equally. But instead of being fair, this would penalize any CGroup that used memory efficiently and reward those CGroups that allocated more memory than they needed.

Andrey's solution to this was to have Linux recuperate unused memory from CGroups that had it, before recuperating any from those that were in heavy use. This would seem to be even less fair than the original behavior, because only certain CGroups would be targeted and not others.

Andrey's idea garnered support from folks like Rik van Riel. But not everyone was so enthralled. Roman Gushchin, for example, pointed out that the distinction between active and unused memory was not as clear as Andrey made it out to be. The two of them debated this issue quite a bit, because the whole issue of fair treatment hangs in the balance. If Andrey's whole point is to prevent CGroups from "gaming the system" to ensure more memory for themselves, then the proper approach to low-memory conditions depends on being able to identify clearly which CGroups should be targeted for reclamation and which should be left alone.

At the same time, the situation could be seen as a security concern, with an absolute need to protect independent CGroups from each other. If so, something like Andrey's patch would be necessary, and many more security-minded developers would start to take an interest in getting the precise details exactly right.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Go to Full Article

Linux Journal ASCII Art Contest

Monday 13th of May 2019 08:34:30 PM
by Bryan Lunduke

Do you have l33t ASCII/ANSI art skillz? Your work could grace the cover of Linux Journal!

That's right—your ASCII art on the cover of the longest-running Linux publication on the planet.

What the artwork is depicting is, really, up to you. But, since this is Linux Journal, here are a few good ideas:

  • Something involving Tux the Penguin.
  • Something involving Linux in general.
  • Something involving terminals or computers in general.
  • Something else entirely, so long as it makes us think, "Gee, Linux is awesome."

How to submit your entry:

  1. Make sure your ASCII or ANSI artwork is saved as an image file (jpg or png) that is roughly 1600 x 1600 (give or take—larger is fine as well).
  2. Email that image, along with how you want your name to appear, to ljeditor@linuxjournal.com.
  3. Make sure it's postmarked (yeah, I know, that's not really a thing with email, but I felt like using that word today) by July 1, 2019.

FAQ:

  • Q: Should my ASCII/ANSI art use colors?
  • A: Up to you!
  • Q: Should I also include the raw text version of the ASCII art when I submit it?
  • A: Sure! That'd be groovy!
  • Q: How awesome will I feel when I see my ASCII art on the cover of Linux Journal?
  • A: Very.
Go to Full Article

Kernel 5.1.1 Is Out, a Raspberry Pi Captured a Photo of a Soyuz in Space, It Might Be the Year of the Desktop, Nanonote 1.2.0 Released and OpenMandriva Lx 4.0 RC Is Now Available

Monday 13th of May 2019 01:40:57 PM

News briefs for May 13, 2019.

Greg Kroah-Hartman announced the release of the 5.1.1 kernel, saying "All users of the 5.1 kernel series must upgrade".

A Raspberry Pi captured a photo of a Soyuz in space. See the Raspberry Pi Blog for details on how a Raspberry Pi 1 B+ and a Rasperry Pi camera module captured the photo a Soyuz vehicle on its way to the International Space Station, as part of the European Space Agency (ESA) and Raspberry Pi's Astro Pi Challenge.

Windows and Chrome are making 2019 the "year of the desktop". PCWorld writes, "After years of endless jokes, 2019 is truly, finally shaping up to be the year of Linux on the desktop. Laptops, too! But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week."

Nanonote 1.2.0 has been released. With this new version, you now can use Ctrl + the mouse wheel to make text bigger or smaller, links are no longer hard-coded to be blue and instead use the theme color, and it now speaks German. You can read the full changelog and get deb and rpm packages here.

OpenMandriva Lx 4.0 RC was released. From the announcement: "We are almost there. Last step before the long awaited OpenMandriva Lx 4.0 is Release Candidate that we are happy to release today. This milestone got another turn of bug fixing, fine-tuning, and several updates including Plasma5 desktop, KDE Frameworks and KDE Applications, LLVM/clang, Java." See the Release notes for more information and download links.

News kernel Raspberry Pi Desktop OpenMandriva

Introducing Mypy, an Experimental Optional Static Type Checker for Python

Monday 13th of May 2019 11:30:00 AM
by Reuven M. Lerner

Tighten up your code and identify errors before they occur with mypy.

I've been using dynamic languages—Perl, Ruby and Python—for many years. I love the flexibility and expressiveness that such languages provide. For example, I can define a function that sums numbers:

def mysum(numbers): total = 0 for one_number in numbers: total += one_number return total

The above function will work on any iterable that returns numbers. So I can run the above on a list, tuple or set of numbers. I can even run it on a dictionary whose keys are all numbers. Pretty great, right?

Yes, but for my students who are used to static, compiled languages, this is a very hard thing to get used to. After all, how can you make sure that no one passes you a string, or a number of strings? What if you get a list in which some, but not all, of the elements are numeric?

For a number of years, I used to dismiss such worries. After all, dynamic languages have been around for a long time, and they have done a good job. And really, if people are having these sorts of type mismatch errors, then maybe they should be paying closer attention. Plus, if you have enough testing, you'll probably be fine.

But as Python (and other dynamic languages) have been making inroads into large companies, I've become increasingly convinced that there's something to be said for type checking. In particular, the fact that many newcomers to Python are working on large projects, in which many parts need to interoperate, has made it clear to me that some sort of type checking can be useful.

How can you balance these needs? That is, how can you enjoy Python as a dynamically typed language, while simultaneously getting some added sense of static-typing stability?

One of the most popular answers is a system known as mypy, which takes advantage of Python 3's type annotations for its own purposes. Using mypy means that you can write and run Python in the normal way, gradually adding static type checking over time and checking it outside your program's execution.

In this article, I start exploring mypy and how you can use it to check for problems in your programs. I've been impressed by mypy, and I believe you're likely to see it deployed in a growing number of places, in no small part because it's optional, and thus allows developers to use it to whatever degree they deem necessary, tightening things up over time, as well.

Dynamic and Strong Typing

In Python, users enjoy not only dynamic typing, but also strong typing. "Dynamic" means that variables don't have types, but that values do. So you can say:

Go to Full Article

Alpine Linux Docker Images Shipped with Unlock Root Accounts, Mozilla Offering a Research Grant to Embed Tor into Firefox, Plasma 5.16 to Get a Rewritten Notification System, Unity 2019.2 Beta Released and Emirates NBD Wins Red Hat's 2019 Innovation Award

Friday 10th of May 2019 02:13:55 PM

News briefs for May 10, 2019.

Alpine Linux Docker images available on Docker Hub shipped for three years with unlocked root accounts. Threatpost reports that "For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8 and 3.9 Alpine Docker Edge, according to Cisco Talos researchers who discovered the bug, tested each version and released their findings on Wednesday. Vulnerable images of Alpine Linux Dockers were available via the official Docker Hub portal since late 2015."

Mozilla has offered a research grant to find a way to embed Tor into Firefox to create a Super Private Browser mode. According to ZDNet, although Tor does work with Firefox, the integration slows it down, so "a better Tor integration is one of the key points that Mozilla is willing to fund via its Research Grants 2019H1 program that the organization announced last month." The article quotes Mozilla, "'Enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale.'"

Plasma 5.16 will have a completely rewritten notification system. Notifications will have a new look and feel, a do not disturb mode, revamped progress reporting and more. See Plasma developer Kai Uwe's blog for more information. The 5.16 release is expected sometime in June.

Unity 2019.2 beta is now available. From the announcement: "In this beta, we've included the popular Polybrush tool as a package, added the Unity Distribution Portal to get your games and apps to new global audiences, improved and expanded the toolsets for mobile, lighting, 2D, XR, and more." See the release notes for all the details, and get the beta from here.

Emirates NBD wins Red Hat's 2019 Red Hat Innovation Award. From the press release: "Emirates NBD, a leading banking group in the United Arab Emirates (UAE), has built a distributed private cloud platform with Red Hat's hybrid cloud and application programming interface (API) technologies as part of its digital transformation strategy. Its platform provides a common foundation and access to cloud-native services for internal teams, improving integration, collaboration and speed of development. The Red Hat-based cloud helps enable Emirates NBD to better keep pace with its competition, to make banking more available, and to more dynamically offer modern, personalized services to customers."

News Alpine Linux Docker Security Mozilla Firefox Tor Plasma unity Red Hat

What The @#$%&! (Heck) is this #! (Hash-Bang) Thingy In My Bash Script

Friday 10th of May 2019 11:30:00 AM
by Mitch Frazier

 

You've seen it a million times—the hash-bang (#!) line at the top of a script—whether it be Bash, Python, Perl or some other scripting language. And, I'm sure you know what its purpose is: it specifies the script interpreter that's used to execute the script. But, do you know how it actually works? Your initial thought might be that your shell (bash) reads that line and then executes the specified interpreter, but that's not at all how it works. How it actually works is the main focus of this post, but I also want to introduce how you can create your own version of "hash-bang" if you're so inclined.

Go to Full Article

IBM's Red Hat Deal, NuoDB Operator Now Has Red Hat OpenShift Operator Certification, Krita 4.2.0 Alpha Released, Elive 3.0 Update, UBports Announces Ubuntu Touch OTA-9 and Fedora Kernel 5.1 Test Week Starts Monday

Thursday 9th of May 2019 01:17:02 PM

News briefs for May 9, 2019.

The Department of Justice recently concluded its review of IBM's Red Hat acquisition, which is still on track for later this year. ZDNet reports that Red Hat released the results of an IDC study at Red Hat Summit, "which concluded software and applications running on Red Hat Enterprise Linux (RHEL) are expected to contribute to more than $10 trillion worth of global business revenues in 2019. That's about 5% of the worldwide economy for those of you following at home." ZDNet notes that "IBM's $34 billion acquisition of Red Hat is looking better than ever."

Distributed SQL database vendor NuoDB yesterday announced that its NuoDB Operator now has Red Hat OpenShift Operator Certification and is available immediately on Red Hat OpenShift. From the press release: "The newly available NuoDB Operator easily configures and deploys the NuoDB Community Edition (CE), allowing users to build, run and manage a NuoDB database natively inside Red Hat OpenShift. Users also have the option to deploy the database with a sample SQL application that generates SQL activity on the database, allowing them to more quickly experience NuoDB in action. Users can then enable NuoDB Insights, a graphical dashboard that provides insight into the performance and overall health of the database, to learn how the sample database performed. Armed with this information, users can better understand, optimize and troubleshoot the database, making it easier to effectively evaluate NuoDB in Red Hat OpenShift."

Krita 4.2.0 alpha was released yesterday. Since Krita 4.1 was released last June, the team has fixed around 1500 bugs, and they've "implemented a host of new features, workflow improvements and little bits of spit and polish." New features include "much improved tablet support on all platforms, HDR painting on Windows, improved painting performance, improved color palette docker, animation API for scripting, gamut masks, improved artistic color selector, an improved start screen that can now show you the latest news about Krita, changes to the way flow and opacity work when painting". You can see the release notes here. The announcement says they are on track to release version 4.2 later this month.

Elive 3.0 has been updated, and this should be the last update before the 3.0 release. From Samuel F. Baggen's announcement: "in the last few months I have been deeply working on the next future versions of Elive, which will support things like Secure Boot and UEFI, with 64bit available builds and based in Debian Buster, all these things are simply...amazing! I hope to make the next beta versions publicly available soon with also including a working installer that will have extra features! I didn't wanted to publicly announce anything until now because I'm a meticulous perfectionist who wants to verify that most of the things are correctly working before giving any promise."

UBports yesterday announced the release of Ubuntu Touch OTA-9. OTA-9 will roll out to supported Ubuntu Touch devices over the next few days. This release is mostly a stability release, but it includes a refreshed look, Nexus 5 camera fixes and the QQC2 Suru Style. You can read the full changelog here.

Fedora is planning a kernel 5.1 test week next week, which will run 5/13/2019 through 5/18/19. If you want to help test, see the wiki page for instructions.

News

Ubuntu Advantage for Infrastructure: an Interview with Canonical

Thursday 9th of May 2019 12:00:00 PM
by Petros Koutoupis

On April 29, 2019, Canonical made headlines by officially announcing the availability of Ubuntu Advantage for Infrastructure If you are unfamiliar with Canonical and the work that they do:

Canonical is the publisher of Ubuntu, the OS for most public cloud workloads as well as the emerging categories of smart gateways, self-driving cars and advanced robots. Canonical provides enterprise security, support and services to commercial users of Ubuntu.

Ubuntu Advantage for Infrastructure changes the entire landscape of service offerings for open-source software. Instead of itemizing and charging for each and every component or add-on, Canonical promises its customers a per-node service package, regardless of the technologies running on it. I was able to sit down and chat with Stephan Fabel, who was generous enough to provide a bit more detail around this exciting announcement.

Petros Koutoupis: Tell us about yourself.

Stephan Fabel: My name is Stephan Fabel, and I am Director of Product over at Canonical. So, I am running a team as the Product Manager, and I am responsible for the portfolio of products that go out to our customers.

Petros: For our readers who are unfamiliar, what is Ubuntu Advantage?

Stephan: As you might know, Ubuntu always has been freely available as an open-source Linux distribution for everybody to consume. And, for those users who wish to enter that commercial relationship with Canonical, either because they are interested in our additional bit-streams that we offer like kernel patches, extended security maintenance, FIPS compliance crypto libraries, or because they would like to get support for each of those open infrastructure components that we are covering, Ubuntu Advantage is the program that they would subscribe to.

Petros: What makes this recent announcement of Ubuntu Advantage for Infrastructure so exciting?

Go to Full Article

OASIS Announces Open Projects, Endless OS Launches Endless Studios, Microsoft and Red Hat Announce the General Availability of Azure Red Hat OpenShift, Supermicro Collaborates with Red Hat, and All Chromebooks to Launch This Year Will Support Linux Apps

Wednesday 8th of May 2019 01:12:02 PM

News briefs for May 8, 2019.

OASIS this morning announced the launch of Open Projects. The press release describes Open Projects as "the first-of-its-kind program that creates a more transparent and collaborative future for open source and standards development. Open Projects gives communities the power to develop what they choose—APIs, code, specifications, reference implementations, guidelines—in one place, under open source licenses, with a path to recognition in global policy and procurement."

Endless, creators of Endless OS and a $79 Linux computer, have announced a new venture, which begins today: Endless Studios. Matt Dalio and the Endless Studios team have "created a series of games on Linux, Endless OS, and Hack that teach kids to code (without them knowing)." Go to the site to check out the games and play a demo. See also this video for a look at Endless Studios Games.

Microsoft and Red Hat yesterday announced the general availability of Azure Red Hat OpenShift. From the press release: "Azure Red Hat OpenShift provides a powerful on-ramp to hybrid cloud computing, enabling IT organizations to use Red Hat OpenShift Container Platform in their datacenters and more seamlessly extend these workloads to use the power and scale of Azure services. The availability of Azure Red Hat OpenShift marks the first jointly managed OpenShift offering in the public cloud."

Supermicro announces a collaboration with Red Hat "to develop powerful open private cloud solutions based on Supermicro's industry-leading SuperServer and SuperStorage systems as well as Red Hat OpenShift Container Platform. With fully integrated hardware, software and support packages, these new solutions built with enterprise Kubernetes provide the ability to deploy and manage containers in an on-premises, private and hybrid cloud environment." For more information on the Supermicro Solution for Red Hat OpenShift Container Platform, go here.

All Chromebooks that launch this year will support Linux apps. According to Android Police, "Google announced that all Chromebooks launched in 2019 will be Linux-ready right out of the box, which is great for developers, enthusiasts, and newbies alike. These announcements have been quick and brief, but at least this news is straight to the point, though every Chromebook I've tested recently had Linux support....Oh, and they mentioned that Android Studio is also a one-click install, too. That's neat."

News OASIS Open Projects open source Endless Studios gaming Education Microsoft Red Hat OpenShift Containers Azure Supermicro Cloud Servers Chromebooks

We Need to Save What Made Linux and FOSS Possible

Wednesday 8th of May 2019 01:11:53 PM
by Doc Searls

If we take freedom and openness for granted, we'll lose both. That's already happening, and we need to fight back. The question is how.

I am haunted by this passage in a letter we got from reader Alan E. Davis (the full text is in our Letters section):

...the real reason for this letter comes from my realization—in seeking online help—that the Linux Documentation Project is dead, and that the Linuxprinting.org project—now taken over by open printing, I think, is far from functioning well. Linux has been transformed into containers, and embedded systems. These and other such projects were the heart and soul of the Free Software movement, and I do not want for them to be gone!

This is the kind of thing Bradley Kuhn (of the Software Freedom Conservancy) lamented in his talk at Freenode.live last year. So did Kyle Rankin in his talk at the same event (video, slides and later, an LJ article). In an earlier conversation on the same stage (it was a helluva show), Simon Phipps (of the Open Source Initiative) and I had our own lamentations.

We all said it has become too easy to take Linux and FOSS for granted, and the risks of doing that were dire. Some specifics:

Go to Full Article

What is the worst Linux Distro?

Tuesday 7th of May 2019 10:18:29 PM

Please support Linux Journal by subscribing or becoming a patron.

Red Hat Enterprise 8 Now Available, Microsoft Announces New Windows 10 Terminal App, Microsoft and Red Hat Announce an Open-Source Kubernetes Event-Driven Autoscaling Service, StackRox Partners with Red Hat, and Ubuntu 19.10 to Be Called Eoan Ermine

Tuesday 7th of May 2019 01:56:44 PM

News briefs for May 7, 2019.

Red Hat Enterprise 8 is now available. From the press release: "Red Hat Enterprise Linux 8 is the operating system redesigned for the hybrid cloud era and built to support the workloads and operations that stretch from enterprise datacenters to multiple public clouds. Red Hat understands that the operating system should do more than simply exist as part of a technology stack; it should be the catalyst for innovation. From Linux containers and hybrid cloud to DevOps and artificial intelligence (AI), Red Hat Enterprise Linux 8 is built to not just support enterprise IT in the hybrid cloud, but to help these new technology strategies thrive." There will be a press conference tomorrow, May 8, at 11am EDT. You can register here.

Microsoft yesterday announced a new Windows 10 Terminal app for command-line users. From Microsoft's blog post: "Windows Terminal [is] a new application for Windows command-line users [that] will offer a user interface with emoji-rich fonts and graphics-processing-unit-accelerated text rendering. It also will provide multiple tab support as well as theming and customization, allowing users to personalize their Terminal." Windows Terminal will be available for Windows 10 systems sometime in June.

In other Microsoft and Red Hat news (the Build 2019 developer conference and Red Hat Summit both are this week), the two companies announce an "open-source service for auto-scaling serverless containers on Kubernetes". ZDNet reports that "Microsoft and Red Hat have jointly developed an open-sourced Kubernetes event-driven autoscaling (KEDA) service. KEDA enables developers to deploy serverless containers on Kubernetes in any public or private cloud, as well as on-premises, Microsoft officials said."

StackRox announced this morning that the StackRox Kubernetes Security Platform is now available as a Red Hat certified container. From the press release: "As part of the Red Hat Container Certification, StackRox's award-winning capabilities, powered by its container-native and Kubernetes-native platform, will be available through the Red Hat Container Catalog. Enterprise customers who use the production-ready Kubernetes platform offered by Red Hat OpenShift to deliver shorter application development cycles and better-quality software now have easier access to enhanced security and compliance capabilities certified by Red Hat." You can read more about the StackRox and Red Hat partnership here.

Ubuntu 19.10 is going to be called the "Eoan Ermine" release. Phoronix reports that "An Ermine is a stoat, or a short-tailed weasel. Eoan, as a reminder, means 'relating to the dawn or the east.'... So Ubuntu 19.10 is the dawn of the short-tailed weasel and will be out in October." This release is expected to bring "Linux 5.3, GNOME 3.34, Mesa 19.2, potentially Python 3 as the only Python version in the main archive, the X.Org session to still be the default, a new desktop installer that offers tight integration with the ZFS file-system, and many other changes for what they hope to send through this cycle for vetting ahead of the Long Term Support cycle."

News Red Hat RHEL Cloud Containers DevOps Microsoft Kubernetes StackRox Ubuntu

Rewriting printk()

Tuesday 7th of May 2019 12:00:00 PM
by Zack Brown

The printk() function is a subject of much ongoing consternation among kernel developers. Ostensibly, it's just an output routine for sending text to the console. But unlike a regular print routine, printk() has to be able to work even under extreme conditions, like when something horrible is going on and the system needs to utter a few last clues as it breathes its final breath.

It's a heroic function. And like most heroes, it has a lot of inner problems that need to be worked out over the course of many adventures. One of the entities sent down to battle those inner demons has been John Ogness, who posted a bunch of patches.

One of the problems with printk() is that it uses a global lock to protect its buffer. But this means any parts of the kernel that can't tolerate locks can't use printk(). Nonmasking interrupts and recursive contexts are two areas that have to defer printk() usage until execution context returns to normal space. If the kernel dies before that happens, it simply won't be able to say anything about what went wrong.

There were other problems—lots! Because of deferred execution, sometimes the buffer could grow really big and take a long time to empty out, making execution time hard to predict for any code that disliked uncertainty. Also, the timestamps could be wildly inaccurate for the same reason, making debugging efforts more annoying.

John wanted to address all this by re-implementing printk() to no longer require a lock. With analysis help from people like Peter Zijlstra, John had come up with an implementation that even could work deep in NMI context and anywhere else that couldn't tolerate waiting.

Additionally, instead of having timestamps arrive at the end of the process, John's code captured them at execution time, for a much more accurate debugging process.

His code also introduced a new idea—the possibility of an emergency situation, so that a given printk() invocation could bypass the entire buffer and write its message to the console immediately. Thus, hopefully, even the shortest of final breaths could be used to reveal the villain's identity.

Sergey Senozhatsky had an existential question: if the new printk() was going to be preemptible in order to tolerate execution in any context, then what would stop a crash from interrupting printk() in order to die?

John offered a technical explanation, which seemed to indicate that "panic() can write immediately to the guaranteed NMI-safe write_atomic console without having to first do anything with other CPUs (IPIs, NMIs, waiting, whatever) and without ignoring locks."

Go to Full Article

Linux Kernel 5.1 Is Out, Red Hat Announces Winners of the 2019 Women in Open Source Awards, GNU Linux-libre 5.1-gnu Is Now Available, Lockheed Martin Worked with Red Hat to Improve F022 Raptor Fighter Jets, and Firefox 66.0.4 Released

Monday 6th of May 2019 02:21:18 PM

News briefs for May 6, 2019.

Linux kernel 5.1 is out. Linus Torvalds writes, "The past week has been pretty calm, and the final patch from rc6 is not all that big. The shortlog is appended, but it's small changes all over. Networking, filesystem code, drivers, tooling, arch updates. Nothing particularly odd stands out. Of course, the shortlog below is just for that final calm week. On the whole, 5.1 looks very normal with just over 13k commits (plus another 1k+ if you count merges)." He also mentions the timing of the 5.2 merge window might be an issue for him: "I just happen to have the college graduation of my oldest happen right smack dab in the middle of the upcoming merge window, so I might be effectively offline for a few days there. If worst comes to worst, I'll extend it to make it all work, but I don't think it will be needed."

Red Hat announced the winners of the 2019 Women in Open Source Awards. The two winners are Limor Fried, founder and lead engineer at Adafruit Industries, and Saloni Garg, a student at LNM Institute of Information Technology pursing A bachelor's degree in computer science. From the announcement: "Their contributions are innovative examples of how open source is being used to make a difference in people's lives and is well positioned to inspire future generations."

The Free Software Foundation Latin America team announced the release of GNU Linux-libre 5.1-gnu. Phoronix reports that "With Linux 5.1 besides re-basing all their existing patches, there were a few more drivers that required adjustments. Alexandre Oliva mentioned in the release announcement, 'Besides the usual assortment of firmware name updates, new drivers for mt7603 and goya required disabling of blob requests, wilc1000 had some files renamed which required adjusting the deblobbing logic, and a driver that we used to deblob (lantiq xrx200 firmware loader) was removed, so its cleaning up code is now gone.'" You can download it from FSFLA.org.

Lockheed Martin worked with Red Hat to "modernize the application development process used to bring new capabilities to the U.S. Air Force's fleet of F-22 Raptor fighter jets". From Red Hat's press release: "Through an eight-week Red Hat Open Innovation Labs residency, Lockheed Martin Aeronautics replaced the waterfall development process it used for F-22 Raptor upgrades with an agile methodology and DevSecOps practices that are more adaptive to the needs of the U.S. Air Force. Together, Lockheed Martin and Red Hat created an open architecture based on Red Hat OpenShift Container Platform that has enabled the F-22 team to accelerate application development and delivery."

Firefox 66.0.4 was released yesterday. ZDNet reports that this release "fixes the issue with an expired signing certificate that disabled add-ons for the vast majority of its userbase". You can download Firefox here.

News kernel Red Hat FSF GNU Linux-libre Firefox

Open Source--It's in the Genes

Monday 6th of May 2019 02:06:59 PM
by Glyn Moody

What happens when you release 500,000 human genomes as open source? This.

DNA is digital. The three billion chemical bases that make up the human genome encode data not in binary, but in a quaternary system, using four compounds—adenine, cytosine, guanine, thymine—to represent four genetic "digits": A, C, G and T. Although this came as something of a surprise in 1953, when Watson and Crick proposed an A–T and C–G pairing as a "copying mechanism for genetic material" in their famous double helix paper, it's hard to see how hereditary information could have been transmitted efficiently from generation to generation in any other way. As anyone who has made photocopies of photocopies is aware, analog systems are bad at loss-free transmission, unlike digital encodings. Evolution of progressively more complex structures over millions of years would have been much harder, perhaps impossible, had our genetic material been stored in a purely analog form.

Although the digital nature of DNA was known more than half a century ago, it was only after many years of further work that quaternary data could be extracted at scale. The Human Genome Project, where laboratories around the world pieced together the three billion bases found in a single human genome, was completed in 2003, after 13 years of work, for a cost of around $750 million. However, since then, the cost of sequencing genomes has fallen—in fact, it has plummeted even faster than Moore's Law for semiconductors. A complete human genome now can be sequenced for a few hundred dollars, with sub-$100 services expected soon.

As costs have fallen, new services have sprung up offering to sequence—at least partially—anyone's genome. Millions have sent samples of their saliva to companies like 23andMe in order to learn things about their "ancestry, health, wellness and more". It's exciting stuff, but there are big downsides to using these companies. You may be giving a company the right to use your DNA for other purposes. That is, you are losing control of the most personal code there is—the one that created you in the boot-up process we call gestation. Deleting sequenced DNA can be hard.

Go to Full Article

More in Tux Machines

Late Coverage of Confidential Computing Consortium

  • Microsoft Partners With Google, Intel, And Others To Form Data Protection Consortium

    The software maker joined Google Cloud, Intel, IBM, Alibaba, Arm, Baidu, Red Hat, Swisscom, and Tencent to establish the Confidential Computing Consortium, a group committed to providing better private data protection, promoting the use of confidential computing, and advancing open source standards among members of the technology community.

  • #OSSUMMIT: Confidential Computing Consortium Takes Shape to Enable Secure Collaboration

    At the Open Source Summit in San Diego, California on August 21, the Linux Foundation announced the formation of the Confidential Computing Consortium. Confidential computing is an approach using encrypted data that enables organizations to share and collaborate, while still maintaining privacy. Among the initial backers of the effort are Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. “The context of confidential computing is that we can actually use the data encrypted while programs are working on it,” John Gossman, distinguished engineer at Microsoft, said during a keynote presentation announcing the new effort. Initially there are three projects that are part of the Confidential Computing Consortium, with an expectation that more will be added over time. Microsoft has contributed its Open Enclave SDK, Red Hat is contributing the Enarx project for Trusted Execution Environments and Intel is contributing its Software Guard Extensions (SGX) software development kit. Lorie Wigle, general manager, platform security product management at Intel, explained that Intel has had a capability built into some of its processors called software guard which essentially provides a hardware-based capability for protecting an area of memory.

Graphics: Mesa Radeon Vulkan Driver and SPIR-V Support For OpenGL 4.6

  • Mesa Radeon Vulkan Driver Sees ~30% Performance Boost For APUs

    Mesa's RADV Radeon Vulkan driver just saw a big performance optimization land to benefit APUs like Raven Ridge and Picasso, simply systems with no dedicated video memory. The change by Feral's Alex Smith puts the uncached GTT type at a higher index than the visible vRAM type for these configurations without dedicated vRAM, namely APUs.

  • Intel Iris Gallium3D Is Close With SPIR-V Support For OpenGL 4.6

    This week saw OpenGL 4.6 support finally merged for Intel's i965 Mesa driver and will be part of the upcoming Mesa 19.2 release. Not landed yet but coming soon is the newer Intel "Iris" Gallium3D driver also seeing OpenGL 4.6 support. Iris Gallium3D has been at OpenGL 4.5 support and is quite near as well with its OpenGL 4.6 support thanks to the shared NIR support and more with the rest of the Intel open-source graphics stack. Though it's looking less likely that OpenGL 4.6 support would be back-ported to Mesa 19.2 for Iris, but we'll see.

The GPD MicroPC in 3 Minutes [Video Review]

In it I tackle the GPD MicroPC with Ubuntu MATE 19.10. I touch on the same points made in my full text review, but with the added bonus of moving images to illustrate my points, rather than words. Read more Also: WiringPi - Deprecated

today's howtos