Language Selection

English French German Italian Portuguese Spanish

Programming: Vagrant, CSV to JSON and Python Bits

Filed under
Development
  • A beginner's guide to using Vagrant

    Vagrant describes itself as "a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the 'works on my machine' excuse a relic of the past."

  • Convert CSV to JSON with miller
  • New Project, Who Dis? - Building SaaS #38

    In this episode, we started a brand new project! I had some internet troubles so this “stream” is actually a local recording from my computer. We created a new Django project from scratch and set up Heroku to handle deployments.

    In spite of the streaming trouble, we were able to get a bunch done. We started the project from scratch so we made a repository on GitHub with some .gitignore settings tailored for Python projects.

  • RunSnakeRun for Python3 Out

    So I finally pushed out the Python3/wxPython Pheonix compatible release of RunSnakeRun. The Python3 version has to run Python2 in order to load Python2 pstats dumps, and Meliae doesn't AFAIK support Python3 yet, so I expect I'll just drop support for it eventually. The code is now living on GitHub rather than Launchpad.

  • Angular 9 CRUD Tutorial: Consume a Python/Django CRUD REST API

    This tutorial is designed for developers that want to use Angular 9 to build front-end apps for their back-end REST APIs. You can either use Python & Django as the backend or use JSON-Server to mock the API if you don't want to deal with Python. We'll be showing both ways in this tutorial.

  • Django: Angular 9/8 Tutorial By Example: REST CRUD APIs & HTTP GET Requests with HttpClient

    In this Angular 9 tutorial, we'll learn to build an Angular 9 CRUD example application going through all the required steps from creating/simulating a REST API, scaffolding a new project, setting up the essential APIs, and finally building and deploying your final application to the cloud.

More in Tux Machines

GNU: GDB (Debugger), Project's History, and GCC (Compiler)

  • GDB Debugger Adds Support For Debuginfod Web Server

    Debuginfod is the Red Hat led debug information HTTP web server distributed as part of elfutils and able to supply on-demand source code and ELF/DWARF debug files to debuggers / IDEs / other compiler tooling. The GDB debugger can now tap debuginfod for on-demand source files and debug information that isn't present on the local system. The motivation with debuginfod is to carry less developer "baggage" on local systems when it comes to debug files and potentially even source files. Particularly for organizations or cases like Linux distributions, a centralized debuginfod server could in turn supply the needed files to clients based upon the requested build ID. Red Hat has been working to expand the debuginfod support both for the GNU toolchain and also LLVM, among other possible users.

  • When is GOTS not in the national interest?

    The modern open-source software (OSS) movement can be traced back to the early 1980s with the birth of Richard Stallman’s GNU Project and the Free Software Foundation. [...] However, cost is a red herring for the real challenge presented by GOTS software solutions. On the surface, GOTS seems very similar to OSS which implies that it has the larger structural advantages of OSS. If handled cautiously, it can have those advantages, but care needs to be taken about what sort of existing software is being commoditized. The U.S. has a national interest in maintaining a strong software development capability. We are fortunate to be the dominant software-building country in the world. According to the Forbes 2000 list, the total market capitalization of U.S. internet, software, and computer services companies is close to $4.7 trillion — more than twice the rest of the world combined. Software tech is an enormous comparative advantage for the U.S. As a result, it is clearly in the national interest to have the government avoid directly competing against and potentially weakening the U.S. private sector.

  • New compiler added to popular studio for ARM and Cortex-M IDE

    The studio for ARM/Cortex-M is now supplied with three different compilers: GCC, Clang and the company's own compiler. The new compiler outperforms GCC and regular Clang on most benchmarks, decreasing both size of generated code as well as its execution speed.

Kernel: LWN and Phoronix Articles About Latest Discussions and Linux Developments

  • Filesystem UID mapping for user namespaces: yet another shiftfs

    The idea of an ID-shifting virtual filesystem that would remap user and group IDs before passing requests through to an underlying real filesystem has been around for a few years but has never made it into the mainline. Implementations have taken the form of shiftfs and shifting bind mounts. Now there is yet another approach to the problem under consideration; this one involves a theoretically simpler approach that makes almost no changes to the kernel's filesystem layer at all. ID-shifting filesystems are meant to be used with user namespaces, which have a number of interesting characteristics; one of those is that there is a mapping between user IDs within the namespace and those outside of it. Normally this mapping is set up so that processes can run as root within the namespace without giving them root access on the system as a whole. A user namespace could be configured so that ID zero inside maps to ID 10000 outside, for example; ranges of IDs can be set up in this way, so that ID 20 inside would be 10020 outside. User namespaces thus perform a type of ID shifting now. In systems where user namespaces are in use, it is common to set them up to use non-overlapping ranges of IDs as a way of providing isolation between containers. But often complete isolation is not desired. James Bottomley's motivation for creating shiftfs was to allow processes within a user namespace to have root access to a specific filesystem. With the current patch set, instead, author Christian Brauner describes a use case where multiple containers have access to a shared filesystem and need to be able to access that filesystem with the same user and group IDs. Either way, the point is to be able to set up a mapping for user and group IDs that differs from the mapping established in the namespace itself.

  • Keeping secrets in memfd areas

    Back in November 2019, Mike Rapoport made the case that there is too much address-space sharing in Linux systems. This sharing can be convenient and good for performance, but in an era of advanced attacks and hardware vulnerabilities it also facilitates security problems. At that time, he proposed a number of possible changes in general terms; he has now come back with a patch implementing a couple of address-space isolation options for the memfd mechanism. This work demonstrates the sort of features we may be seeing, but some of the hard work has been left for the future. Sharing of address spaces comes about in a number of ways. Linux has traditionally mapped the kernel's address space into every user-space process; doing so improves performance in a number of ways. This sharing was thought to be secure for years, since the mapping doesn't allow user space to actually access that memory. The Meltdown and Spectre hardware bugs, though, rendered this sharing insecure; thus kernel page-table isolation was merged to break that sharing. Another form of sharing takes place in the processor's memory caches; once again, hardware vulnerabilities can expose data cached in this shared area. Then there is the matter of the kernel's direct map: a large mapping (in kernel space) that contains all of physical memory. This mapping makes life easy for the kernel, but it also means that all user-space memory is shared with the kernel. In other words, an attacker with even a limited ability to run code in the kernel context may have easy access to all memory in the system. Once again, in an era of speculative-execution bugs, that is not necessarily a good thing.

  • Revisiting stable-kernel regressions

    Stable-kernel updates are, unsurprisingly, supposed to be stable; that is why the first of the rules for stable-kernel patches requires them to be "obviously correct and tested". Even so, for nearly as long as the kernel community has been producing stable update releases, said community has also been complaining about regressions that make their way into those releases. Back in 2016, LWN did some analysis that showed the presence of regressions in stable releases, though at a rate that many saw as being low enough. Since then, the volume of patches showing up in stable releases has grown considerably, so perhaps the time has come to see what the situation with regressions is with current stable kernels. As an example of the number of patches going into the stable kernel updates, consider that, as of 4.9.213, 15,648 patches have been added to the original 4.9 release — that is an entire development cycle worth of patches added to a "stable" kernel. Reviewing all of those to see whether each contains a regression is not practical, even for the maintainers of the stable updates. But there is an automated way to get a sense for how many of those stable-update patches bring regressions with them. The convention in the kernel community is to add a Fixes tag to any patch fixing a bug introduced by another patch; that tag includes the commit ID for the original, buggy patch. Since stable kernel releases are supposed to be limited to fixes, one would expect that almost every patch would carry such a tag. In the real world, about 40-60% of the commits to a stable series carry Fixes tags; the proportion appears to be increasing over time as the discipline of adding those tags improves.

  • Finer-grained kernel address-space layout randomization

    The idea behind kernel address-space layout randomization (KASLR) is to make it harder for attackers to find code and data of interest to use in their attacks by loading the kernel at a random location. But a single random offset is used for the placement of the kernel text, which presents a weakness: if the offset can be determined for anything within the kernel, the addresses of other parts of the kernel are readily calculable. A new "finer-grained" KASLR patch set seeks to remedy that weakness for the text section of the kernel by randomly reordering the functions within the kernel code at boot time.

  • Debian discusses how to handle 2038

    At this point, most of the kernel work to avoid the year-2038 apocalypse has been completed. Said apocalypse could occur when time counted in seconds since 1970 overflows a 32-bit signed value (i.e. time_t). Work in the GNU C Library (glibc) and other C libraries is well underway as well. But the "fun" is just beginning for distributions, especially those that support 32-bit architectures, as a recent Debian discussion reveals. One of the questions is: how much effort should be made to support 32-bit architectures as they fade from use and 2038 draws nearer? Steve McIntyre started the conversation with a post to the debian-devel mailing list. In it, he noted that Arnd Bergmann, who was copied on the email, had been doing a lot of the work on the kernel side of the problem, but that it is mostly a solved problem for the kernel at this point. McIntyre and Bergmann (not to mention Debian as a whole) are now interested in what is needed to update a complete Linux system, such as Debian, to work with a 64-bit time_t. McIntyre said that glibc has been working on an approach that splits the problem up based on the architecture targeted. Those that already have a 64-bit time_t will simply have a glibc that works with that ABI. Others that are transitioning from a 32-bit time_t to the new ABI will continue to use the 32-bit version by default in glibc. Applications on the latter architectures can request the 64-bit time_t support from glibc, but then they (and any other libraries they use) will only get the 64-bit versions of the ABI. One thing that glibc will not be doing is bumping its SONAME (major version, essentially); doing so would make it easier to distinguish versions with and without the 64-bit support for 32-bit architectures. The glibc developers do not consider the change to be an ABI break, because applications have to opt into the change. It would be difficult and messy for Debian to change the SONAME for glibc on its own.

  • UEFI Boot Support Published For RISC-V On Linux

    As we've been expecting to happen with the Linux EFI code being cleaned up before the introduction of a new architecture, the RISC-V patches have been posted for bringing up UEFI boot support. Western Digital's Atish Patra sent out the patch series on Tuesday for adding UEFI support for the RISC-V architecture. This initial UEFI Linux bring-up is for supporting boot time services while the UEFI runtime service support is still being worked on. This RISC-V UEFI support can work in conjunction with the U-Boot bootloader and depends upon other recent Linux kernel work around RISC-V's Supervisor Binary Interface (SBI).

  • Linux Kernel Seeing Patches For NVIDIA's Proprietary Tegra Partition Table

    As an obstacle for upstreaming some particularly older NVIDIA Tegra devices (namely those running Android) is that they have GPT entry at the wrong location or lacking at all for boot support. That missing or botched GPT support is because those older devices make use of a NVIDIA proprietary/closed-source table format. As such, support for this proprietary NVIDIA Tegra Partition Table is being worked on for the Linux kernel to provide better upstream kernel support on these consumer devices. NVIDIA Tegra devices primarily rely on a special partition table format for their internal storage while some also support traditional GPT partitions. Those devices with non-flakey GPT support can boot fine but TegraPT support is being worked on for handling the upstream Linux kernel with the other devices lacking GPT support or where it's at the wrong sector. This issue primarily plagues Tegra 2 and Tegra 3 era hardware like some Google Nexus products (e.g. Nexus 7) while fortunately newer Tegra devices properly support GPT.

  • Intel Continues Bring-Up Of New Gateway SoC Architecture On Linux, ComboPHY Driver

    Besides all the usual hardware enablement activities with the usual names by Intel's massive open-source team working on the Linux kernel, one of the more peculiar bring-ups recently has been around the "Intel Gateway SoC" with more work abound for Linux 5.7. The Intel Gateway SoC is a seemingly yet-to-be-released product for high-speed network packet processing. The Gateway SoC supports the Intel Gateway Datapath Architecture (GWDPA) and is designed for very fast and efficient network processing. Outside of Linux kernel patches we haven't seen many Intel "Gateway" references to date. Gateway appears to be (or based on) the Intel "Lightning Mountain" SoC we were first to notice and bring attention to last summer when patches began appearing for that previously unknown codename.

Security: Updates, DNS Features in IPFire, Shodan and Canonical's Role in Robot Operating System (ROS 2)

  • Security updates for Wednesday

    Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).

  • What you can do with the new DNS features in IPFire

    Every time you try to access a website - for example ipfire.org - you will ask a DNS server for the IP address to connect to. They won't see anything past "the slash" in the URL, but that is not necessary to know what you probably have in mind to do. That DNS server now knows which bank you are with, where you work, where you do your online shopping, who is hosting your emails and many things more... Although this data is not too interesting about one individual, it becomes very relevant when you are looking at many profiles. People who shop at a certain place or are with a certain bank might be high earners. People who shop at another place might have trouble to stay afloat financially. Now I know what advertisements I need to show to which group so that they will become my customers. In short, your whole browser history tells a lot about you and you might be giving it away for free to the advertising industry or other parties who will use your data against you.

  • How Shodan Has Been Improved to Help Protect Energy Utilities

    Shodan is a well-known security hacking tool that has even been showcased on the popular Mr. Robot TV show. While Shodan can potentially be used by hackers, it can also be used for good to help protect critical infrastructure, including energy utilities. At the RSA Conference in San Francisco, Michael Mylrea, Director of Cybersecurity R&D (ICS, IoT, IIoT) at GE Global Research, led a session titled "Shodan 2.0: The World’s Most Dangerous Search Engine Goes on the Defensive," where he outlined how Shodan has been enabled to help utilities identify risks in critical energy infrastructure. Shodan, to the uninitiated, is a publicly available search engine tool that crawls the internet looking for publicly exposed devices. Mylrea explained that utilities are often resource constrained when it comes to cybersecurity and are typically unaware of their risk. In recent years, there have been a number of publicly disclosed incidents involving utilities. To help solve that challenge, Mylrea proposed a project to the US Department of Energy (DoE) to enhance Shodan for utilities so they could use the tool to find risks quickly.

  • Canonical takes leadership role in security for ROS

    Canonical is committed to the future of robotics, as proven a short time ago when we joined the Technical Steering Committee of the second version of the Robot Operating System (ROS 2). We’re also dedicated to building a foundation of enterprise-grade, industry leading security practices within Ubuntu, so we’re excited to join both of these strengths with our own Joe McManus taking the helm of the ROS 2 Security Working Group. We believe robots based on Linux are cheaper to develop, more flexible, faster to market, easier to manage, and more secure. While ROS began as an academic project over a decade ago, it has grown to become the most popular middleware for creating Linux-powered robots. It has harnessed the power of open source, allowing for many of the complex problems faced by robotics to be solved through collaboration. The ROS developer community has continued to grow, and ROS now enjoys an increasing amount of commercial use and supported robots. In response, the ROS community has completely overhauled the ROS codebase and started distributing ROS 2.

Audiocasts/Shows/Screencasts: The Linux Link Tech Show, FLOSS Weekly, Linux Headlines and Arch/Manjaro

  • The Linux Link Tech Show Episode 846

    nodejs 12, raspberry pi, 3d printing, air frying

  • FLOSS Weekly 567: DeepCode

    DeepCode alerts you about critical vulnerabilities you need to solve in your code. DeepCode finds critical vulnerabilities that other automated code reviews don't, such as Cross-Site Scripting, Path Traversal or SQL injection. DeepCode finds critical vulnerabilities that other automated code reviews don't, such as Cross-Site Scripting, Path Traversal or SQL injection with 90% precision.

  • 2020-02-26 | Linux Headlines

    Brave joins forces with the Wayback Machine, the Linux Foundation teams up with IBM to fight climate change, and The Document Foundation puts out a call to the community.

  • Linux Apps I Use At Work

    Linux Apps I Use At Work This video will go over all the applications I use on my Work PC. I go over my email, file browser, and many other features. As a life long Windows user, I was able to optimize my workflow once I moved to Linux and pick up a lot of productivity.

  • Manjaro 19.0 KDE Plasma Edition overview | #FREE OPERATING SYSTEM.

    In this video, I am going to show an overview of Manjaro Linux 19.0 KDE Plasma Edition and some of the applications pre-installed.

  • Manjaro 19.0 XFCE Run Through

    In this video, we are looking at Manjaro 19.0 XFCE.