Gentoo

Calculate Linux Desktop 18 LXQt released

We are happy to announce the release of a new Calculate Linux Desktop flavour, featuring the LXQt desktop and therefore named CLDL. Like other Calculates, it is backward compatible with Gentoo. Like Gentoo, it uses Portage to install and manage packages. Our repository contains 13033 binary packages. The system boots with OpenRC. For network configuration, you have the choice between NetworkManager and OpenRC. For sound management, ALSA is suggested; PulseAudio is not needed.

CLDL is the fifth little one in the Calculate Linux Desktop family, providing a full-fledged workplace both in the office and at home. This new distribution perfectly combines the advantages of Qt5, which is indeed the base for its interface, with the low system requirements of the Openbox window manager. CLDL is localized out of the box in all standard European languages.

Elivepatch Progressing For Live Kernel Patching On Gentoo, Rolling To Other Distros

Elivepatch is a distributed live kernel patching mechanism developed by the Gentoo crowd during GSoC 2017 and has continued to be developed. While it is still centered around Gentoo, there are ambitions to bring this open-source live kernel patching tech to other distributions.

Alice Ferrazzi, as the Gentoo Kernel Project Leader, has been central to the development of Elivepatch going back to its start almost two years ago, and she presented on it last week at Linux Plumbers Conference 2018. Elivepatch builds upon the live-patching code in the mainline kernel but was motivated by the different vendor solutions being quite limited. For example, Oracle's Ksplice only works with Oracle Linux kernels, while some of the vendor solutions are closed-source, require other custom kernel bits, or lack long-term support.

Compartmentalized computing with CLIP OS

The design of CLIP OS 5 includes three elements: a bootloader, a core system, and the cages. The system uses secure boot with signed binaries. Only the x86 architecture was supported in the previous versions, and there are no other architectures in the plan for now. The core system is based on Hardened Gentoo. Finally, the cages provide user sessions, with applications and documents.

Processes running in separate cages cannot communicate directly. Instead, they must pass messages using special services on the core system; these services are unprivileged and confined on the cage system, but privileged on the core. These communication paths are shown in this architecture diagram from the documentation. Cages are also isolated from the core system itself — all interactions (system calls, for example) are checked and go through mediation services. The isolation between applications will be using containers, and the team plans to use the Flatpak format. The details of the CLIP OS 5 implementation are not available yet, as this feature is planned for the stable release.

A specific Linux security module (LSM) inspired by Linux-VServer will be used to add additional isolation between the cages, and between the cages and the core system. Linux-VServer is a virtual private server implementation designed for web hosting. It implements partitioning of a computer system in terms of CPU time, memory, the filesystem, and network addressing into security contexts. Starting and stopping a new virtual server corresponds to setting up and tearing down a security context.

Calculate Linux 18 released

We are happy to announce the release of Calculate Linux 18!

In this latest version, Calculate Utilities were ported to Qt5, your network is managed in a different way, and binary packages get checked using their index signature.

Calculate Linux Desktop featuring KDE (CLD), Cinnamon (CLDC), Mate (CLDM), or Xfce (CLDX) environments, Calculate Linux Scratch (CLS), Calculate Directory Server (CDS) and Calculate Scratch Server (CSS) are available for download.

CLIP OS, Like Chrome OS, is Based on Gentoo

ANSSI, the National Cybersecurity Agency of France, has released the sources of CLIP OS, that aims to build a hardened, multi-level operating system, based on the Linux kernel and a lot of free and open source software. We are happy to hear that it is based on Gentoo Hardened!

A brief discussion about package installation times in Gentoo Linux

I thought that perhaps users of binary-based Linux distributions who are contemplating trying out the source-based distribution Gentoo Linux might be interested to know a bit about installation times in contrast to binary distributions. I am not going to go into great detail here; this is just to give interested people a quick idea of possible package installation times in Gentoo Linux.

The package manager of a binary-based distribution such as Ubuntu downloads and installs binary (i.e. pre-built) packages. On the other hand, Gentoo’s package manager Portage downloads source-code packages and builds the binaries (executables) on your machine. Nevertheless, a small number of Portage packages contain binaries rather than source code, either because the source code could take many hours to build on older hardware or because the source code is simply not available in the public domain. An example of the first scenario is Firefox, which is available in Gentoo both as the source code package www-client/firefox and as the binary package www-client/firefox-bin so that the user can choose which to install (‘merge’, in Gentoo parlance). An example of the second scenario is TeamViewer, which is only available as the binary package net-misc/teamviewer because TeamViewer is closed-source software (i.e. the company that develops TeamViewer does not release its source code).

Security Issues at Gentoo Narrowed Down to Crappy Password

  • Linux experts are crap at passwords!

    Fortunately, Gentoo’s GitHub repository wasn’t the primary source for Gentoo code, and few, if any, Gentoo users were relying on it for software updates.

  • Gentoo publishes detailed report after its GitHub was compromised

    You may have seen the news towards the end of June that Gentoo, a fairly advanced Linux distribution, had its GitHub repository compromised after an attacker managed to gain access to one of the connected accounts. Now, Gentoo has published a comprehensive report about the incident and it turns out that the gaffe was due to not following rudimentary security tips.

  • Weak Admin Password Caused Compromise of Gentoo GitHub repository

    Gentoo have finished their investigation of the hack that affected their project last week on GitHub. The point of vulnerability has turned out to be a weak Administrator password. Upon compromise, the hackers added the Linux killer command “rm -rf /” so that when users cloned the project to their computers, all their data would be erased.

Microsoft, the NSA, and GitHub

  • Gentoo hacker's code changes unlikely to have worked

    Linux distribution Gentoo's maintainers say attempts by attackers last week to sabotage code stored on Github are unlikely to have worked.

    Gentoo's Github account was compromised in late June.

    The attacker was able to gain administrative privileges for Gentoo's Github account, after guessing the password for it.

    Gentoo's maintainers were alerted to the attack early thanks to the attacker removing all developers from the Github account, causing them to be emailed.

  • NSA Exploit "DoublePulsar" Patched to Work on Windows IoT Systems

    An infosec researcher who uses the online pseudonym of Capt. Meelo has modified an NSA hacking tool known as DoublePulsar to work on the Windows IoT operating system (formerly known as Windows Embedded).

    The original DoublePulsar is a hacking tool that was developed by the US National Security Agency (NSA), and was stolen and then leaked online by a hacking group known as The Shadow Brokers.

    At its core, DoublePulsar is a Ring-0 kernel mode payload that acts like a backdoor into compromised systems. DoublePulsar is not meant to be used on its own, but together with other NSA tools.

  • Predictable password blamed for Gentoo GitHub organisation takeover [Ed: when Microsoft takes over the NSA gets all these passwords. (NSA PRISM)]

    Gentoo has laid out the cause and impact of an attack that saw the Linux distribution locked out of its GitHub organisation.

    The attack took place on June 28, and saw Gentoo unable to use GitHub for approximately five days.

    Due to a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble.

Security: Open Source Security Podcast and Inaccurate Gentoo Coverage

  • Open Source Security Podcast: Episode 103 - The Seven Properties of Highly Secure Devices

    We take a real world view into how to secure our devices. What works, what doesn't work, and why this list is actually really good.

  • Github code repository for Gentoo Linux hacked [Ed: Lots of inaccuracies here]

    The Gentoo Linux distribution's Github repository was hacked last June 28, with the attackers modifying the code there.

    Github is a repository for all sorts of source code projects in a variety of programming languages. Gentoo Linux is one such project, stored in Github.

    Gentoo Linux administrators updated users as soon as the issue was found out.

  • Gentoo warning after GitHub hack [Ed: Crack, not "hack"]

    A key Gentoo Linux source code repository should be considered compromised after “unknown individuals” gained access to Gentoo’s Github organisation.

    In an email to the Gentoo announcement list, developer Alec Warner said that the individuals had seized control of the GitHub Gentoo organisation “and modified the content of repositories as well as pages there”.

Gentoo Needs to Delete GitHub

  • Gentoo GitHub mirror hacked and considered compromised

    Linux distribution Gentoo has had its GitHub mirror broken into and taken over, with GitHub pages changed and ebuilds replaced.

    In an alert, Gentoo said the attacker gained control of the Github Gentoo organisation on June 28, 20:20 UTC.

    "All Gentoo code hosted on github should for the moment be considered compromised," the alert said.

  • Et tu, Gentoo? Horrible gits meddle with Linux distro's GitHub code

    If you have fetched anything from Gentoo's GitHub-hosted repositories today, dump those files – because hackers have meddled with the open-source project's data.

    The Linux distro's officials sounded the alarm on Thursday, revealing someone managed to break into its GitHub organization account to modify software and webpages.

    Basically, if you downloaded and installed materials from Gentoo via GitHub, you might be compromised by bringing in malicious code. And until the all clear is given, you should avoid fetching anything from the project's 'hub org account.

    "Today, 28 June, at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there," Gentoo dev Alec Warner said in a bulletin.

  • Gentoo Linux GitHub organisation hacked, content modified

    The GitHub organisation of the Gentoo Linux distribution has been compromised and the project behind Gentoo is warning users not to use code from this source.

    In a statement, the Gentoo leadership said some unknown individuals had gained control of the GitHub Gentoo organisation on 28 June at 20.20 UTC and modified the content and pages.

    Gentoo is a Linux distribution meant for advanced users. The source is compiled locally depending on user preferences and is often optimised for specific hardware.

More in Tux Machines

Debian and Derivatives

  • Montreal Bug Squashing Party - Jan 19th & 20th 2019
    We are organising a BSP in Montréal in January! Unlike the one we organised for the Stretch release, this one will be over a whole weekend so hopefully folks from other provinces in Canada and from the USA can come.
  • Debian Cloud Sprint 2018
    Recently we have made progress supporting cloud usage cases; grub and kernel optimised for cloud images help with reducing boot time and required memory footprint. There is also growing interest in non-x86 images, and FAI can now build such images. Discussion of support for LTS images, which started at the sprint, has now moved to the debian-cloud mailing list. We also discussed providing many image variants, which requires a more advanced and automated workflow, especially regarding testing. Further discussion touched upon providing newer kernels and software like cloud-init from backports. As interest in using secure boot is increasing, we might cooperate with other teams and use work on UEFI to provide images with a signed boot loader and kernel.
  • Third Point Release of Univention Corporate Server 4.3-3
    With UCS 4.3-3 the third point release for Univention Corporate Server (UCS) 4.3 is now available, which includes a number of important updates and various new features.
  • Canonical Launches MicroK8s
    Canonical, the parent company of Ubuntu, has announced MicroK8s, a snap package of Kubernetes that supports more than 42 flavors of Linux. MicroK8s further simplifies the deployment of Kubernetes with its small disk and memory footprint. Users can deploy Kubernetes in a few seconds. It can run on the desktop, the server, an edge cloud, or an IoT device. Snap is a self-contained app package solution created by Canonical that competes with Flatpak, which is backed by Red Hat and Fedora. Snap offers macOS and Windows-like packages with all dependencies bundled with it. A snap package of Kubernetes means any Linux distribution that supports Snap can benefit from MicroK8s
  • Compiz: Ubuntu Desktop's little known best friend

OSS Leftovers

  • Android Open Source Project now includes the Fuchsia SDK and a Fuchsia ‘device’
    In a new commit posted today to Android’s Gerrit source code management, two Fuchsia-related repos have been added to the primary “manifest” for the Android Open Source Project. For the unfamiliar, this manifest is used to inform Google’s download tool “Repo” of what should be included when you download AOSP.

  • Google Fuchsia: Why This New Operating System Solves a Huge Coding Problem
    The mobile layout has been code-named “Armadillo” and the other view has been dubbed “Capybara,” reported 9to5Google. Both sides of Fuchsia will work together using a tab system that will make up a majority of the user experience.

  • Lessons in Vendor Lock-in: Shaving
    The power of open standards extends beyond today into the future. When my son gets old enough to shave, I can pass down one of my all-metal, decades-old antique razors to him, and it will still work. While everyone else in a decade will have to shave with some $20-per-blade disposable razor with three aloe strips, seven blades, and some weird vibrating and rotating motor, he will be able to pick any razor from my collection and find affordable replacement blades. This is the power of open standards and the freedom to avoid vendor lock-in.
  • Help us to make document compatibility even better
    The Document Liberation Project (DLP) is a sister project to LibreOffice, and provides many software libraries for reading and writing a large range of file formats – such as files created by other productivity tools. Thanks to the DLP, LibreOffice (and other programs) can open many legacy, proprietary documents, but there’s always room for improvement! Check out this short video to learn more:
  • GNU Guix: Back from SeaGL 2018
    SeaGL 2018 has concluded. Thank you to everyone in the local Seattle community who came to participate! As previously announced, Chris Marusich gave a talk introducing GNU Guix to people of all experience levels. Some very Guixy swag was handed out, including printed copies of this handy Guix reference card. The room was packed, the audience asked great questions, and overall it was tons of fun! If you weren't able to come to SeaGL this year, that's OK! You can watch a video of the talk below.

Servers: Kubernetes, CNCF, Red Hat and More

  • Bitnami Kubernetes Production Runtime released
    If you want to use a safe third-party container, smart people know they should turn to Bitnami. This company packages, deploys, and maintains applications in virtually any format for any platform. Now, at KubeCon in Seattle, Bitnami announced its Kubernetes release: Bitnami Kubernetes Production Runtime (BKPR) 1.0, a production-ready open source project. So, with everyone and their cloud provider offering Kubernetes, why should you care? Well, first, BKPR provides built-in monitoring, alerting, and metrics automatically, thereby enabling developers to avoid reinventing the wheel when they roll out a Kubernetes application.
  • Why the Cloud-Native Market Is Expanding at KubeCon
    The KubeCon + CloudNativeCon North America event is a beacon for news, with vendors showcasing their wares and making multiple announcements. KubeCon + CloudNativeCon runs here from Dec. 11-13 and has brought 8,000 attendees and more than 187 vendors into the exhibit hall. Kubernetes itself is part of the Cloud Native Computing Foundation (CNCF), which is also the home now to 31 open-source cloud projects. In this eWEEK Data Points article, we look at the major areas of innovation and new services announced at the conference.
  • Add It Up: Enterprise Adoption of Kubernetes Is Growing
    A recently updated user survey from monitoring software provider Datadog confirms an increase in Kubernetes adoption. We believe this is the result of three factors: 1) more organizations using containers in production; 2) Kubernetes has emerged as the leading orchestration platform; 3) organizations are choosing to adopt Kubernetes earlier in cloud native voyage. There is also some evidence that Kubernetes adoption is more likely among organizations with more containers being deployed. This article highlights findings from several studies released in conjunction with KubeCon + CloudNativeCon North America, a Kubernetes user conference being held this week in Seattle. Cloud Foundry’s most recent survey of IT decision makers shows container production usage jumping from 22 percent in early 2016 to 38 percent in late 2018, with these deployments increasingly being described as “broad.” The Cloud Foundry report also found an increase in the number of containers being deployed — in 2016, only 37 percent of cont
  • Oracle Q&A: A Refresher on Unbreakable Enterprise Kernel
    Oracle caused quite a stir in 2010 when it announced its Unbreakable Enterprise Kernel for Oracle Linux. We’ve checked in with Sergio Leunissen, Vice President, Linux and VM Development at Oracle, for an update on the ABCs of this important introduction as well as the company’s latest take on Linux.
  • Get the Skills You Need to Monitor Systems and Services with Prometheus
    Open source software isn’t just transforming technology infrastructure around the world, it is also creating profound opportunities for people with relevant skills. From Linux to OpenStack to Kubernetes, employers have called out significant skills gaps that make it hard for them to find people fluent with cutting-edge tools and platforms. The Linux Foundation not only offers self-paced training options for widely known tools and platforms, such as Linux and Git, but also offers options specifically targeting the rapidly growing cloud computing ecosystem. The latest offering in this area is Monitoring Systems and Services with Prometheus (LFS241). Prometheus is an open source monitoring system and time series database that is especially well suited for monitoring dynamic cloud environments. It contains a powerful query language and data model in addition to integrated alerting and service discovery support. The new course is specifically designed for software engineers and systems administrators wanting to learn how to use Prometheus to gain better insights into their systems and services.
  • Red Hat Container Development Kit 3.7 now available
  • CodeReady Workspaces for OpenShift (Beta) – It works on their machines too
    “It works on my machine.” If you write code with, for, or near anybody else, you’ve said those words at least once. Months ago I set up a library or package or environment variable or something on my machine and I haven’t thought about it since. So the code works for me, but it may take a long time to figure out what’s missing on your machine.
  • OpenShift & Kubernetes: Where We’ve Been and Where We’re Going Part 2
    The growth and innovation in the Kubernetes project, since it first launched just over four years ago, has been tremendous to see. In part 1 of my blog, I talked about how Red Hat has been a key contributor to Kubernetes since the launch of the project, detailed where we invested our resources and what drove those decisions. Today, that innovation continues and we are just as excited for what comes next. In this blog, I’d like to talk about where we are going and what we’re focused on, as we continue driving innovation in Kubernetes and the broader cloud native ecosystem and building the next generation of OpenShift.
  • Red Hat OpenStack Platform and making it easier to manage bare metal
    Bare metal is making a comeback. At Red Hat we have been observing an increase of the use of bare metal in general. And we aren’t the only ones. In 2017’s OpenStack User Survey there had been a growth of bare metal in production environments from 9% to 20% of the production deployments. The 2018 survey says that adoption of Ironic is being driven by Kubernetes, with 37% of respondents who use Kubernetes on OpenStack using the bare metal provisioner. And there are many reasons for this growth. A great blog post about Kubernetes on metal with OpenShift by Joe Fernandes described this growth in the context of containers on bare metal with Kubernetes as a driver for this growth. But, it doesn’t stop there - High-Performance Compute (HPC), access to hardware devices or scientific workloads such as AI/ML or data lake management are also contributing to this increase.
  • etcd finds new home at CNCF
    CoreOS has moved to secure the independence of etcd by donating the distributed key-value store to the Cloud Native Computing Foundation. The project was started by CoreOS – now part of Red Hat – in 2013 to handle coordination between container instances so that a system reboot was possible without affecting the uptime of applications running on top. Its name can be seen as a hint to the management of configuration files, which over the years have grown to be stored in the /etc directory in Unix systems.
  • Kubernetes etcd data project joins CNCF
    How do you store data across a Kubernetes container cluster? With etcd. This essential part of Kubernetes has been managed by CoreOS/Red Hat. No longer. Now, the open-source etcd project has been moved from Red Hat to the Cloud Native Computing Foundation (CNCF). What is etcd? No, it's not what happens when a cat tries to type a three-letter acronym. Etcd (pronounced et-see-dee) was created by the CoreOS team in 2013. It's an open-source, distributed, consistent key-value database for shared configuration, service discovery, and scheduler coordination. It's built on the Raft consensus algorithm for replicated logs.
  • Welcome etcd to CNCF
    Etcd has been written for distributed systems like Kubernetes as a fault-tolerant and reliable database. Clients can easily watch certain keys and get notified when their values change, which allows scaling to a large number of clients that can reconfigure themselves when a value changes.
  • etcd: Current status and future roadmap
    etcd is a distributed key value store that provides a reliable way to manage the coordination state of distributed systems. etcd was first announced in June 2013 by CoreOS (part of Red Hat as of 2018). Since its adoption in Kubernetes in 2014, etcd has become a fundamental part of the Kubernetes cluster management software design, and the etcd community has grown exponentially. etcd is now being used in production environments of multiple companies, including large cloud provider environments such as AWS, Google Cloud Platform, Azure, and other on-premises Kubernetes implementations. CNCF currently has 32 conformant Kubernetes platforms and distributions, all of which use etcd as the datastore. In this blog post, we’ll review some of the milestones achieved in latest etcd releases, and go over the future roadmap for etcd. Share your thoughts and feedback on features you consider important on the mailing list: etcd-dev@googlegroups.com.
  • Red Hat contributes etcd, the cornerstone of Kubernetes, to the Cloud Native Computing Foundation
    Today Red Hat is thrilled to announce our contribution of etcd, an open source project that is a key component of Kubernetes, and its acceptance into the Cloud Native Computing Foundation (CNCF), a vendor-neutral foundation housed under The Linux Foundation to drive the adoption of cloud native systems. The etcd project’s focus is safely storing critical data of a distributed system and it demonstrated its quality early on. It is most notably the primary datastore of Kubernetes, the de facto standard system for container orchestration. Today we're excited to transfer stewardship of etcd to the same body that cares for the growth and maintenance of Kubernetes. Given that etcd powers every Kubernetes cluster, this move brings etcd to the community that relies on it most at the CNCF.
  • Banks take next steps to digital refinement
    The financial services industry (FSI) has gotten the message: customer expectations have changed radically. They want to experience banking services through multiple digital channels, and they want those services to go well beyond the generic products that traditional banks typically offer. Customers are looking for personalization, are comfortable with service automation, and are eager to get what they need quickly and easily. As the value chain for financial institutions’ services expands along with the need to deliver new and relevant customer offerings, their dexterity is being put to the test, according to an article by The Economist Intelligence Unit (EIU). To enable the flexibility and agility they need to support a dynamic environment, they’ve begun to create a culture of continuous delivery (CD). This allows for continuous cross-channel development, may allow deployment of features in hours rather than months, and lends support for performing system upgrades with zero downtime and without disturbing the customer experience.
  • CentOS 7-1810 "Gnome" overview | The community enterprise operating system
  • How to prepare for digital transformation with Red Hat Virtualization and Veeam
    Red Hat has a history of helping organizations reduce the cost of IT, from infrastructure to applications, while also helping to lay the foundation for open source digital transformation. More recently, Red Hat has sought to help organizations reduce the cost of virtualization, aiming to make it easier to accelerate their digital transformation journey through innovative technologies such as Red Hat Ansible Automation or Red Hat OpenShift Container Platform, Red Hat’s comprehensive enterprise Kubernetes Platform.
  • Red Hat schedules stockholder meeting to vote on $34B IBM deal
  • INVESTIGATION NOTICE: Kaskela Law LLC Announces Shareholder Investigation of Red Hat, Inc.
  • Red Hat sets date for stockholders to vote on the merger with IBM
  • Arista Works With Red Hat and Tigera on Container Environments for Enterprises
    Arista Networks is working with Red Hat and Tigera to help enterprises adopt containers in both private and public clouds. The three companies are demonstrating a preview of their upcoming offering this week at KubeCon + CloudNativeCon North America 2018 in Seattle. The integrated product will include Arista’s containerized Extensible Operating System (cEOS) and CloudVision software along with Red Hat’s OpenShift Container Platform and Tigera’s Secure Enterprise Edition.
  • Knative Meshes Kubernetes with Serverless Workloads
    Google Cloud’s Knative initiative, launched in July, is expanding to include an updated version of Google’s first commercial Knative offering along with a batch of new distributions based on the serverless computing framework. Knative is a Kubernetes-based platform for building and managing serverless workloads in which cloud infrastructure acts as a server for managing the allocation of computing and storage resources. It is being offered as an add-on to Kubernetes Engine used to orchestrate application containers.
  • Red Hat Steps Up with HPC Software Solutions at SC18
    In this video from SC18 in Dallas, Yan Fisher and Dan McGuan from Red Hat describe the company’s powerful software solutions for HPC and AI workloads.
  • RedHat contributes etcd, a distributed key-value store project, to the Cloud Native Computing Foundation at KubeCon + CloudNativeCon

Microsoft FUD, Openwashing and Entryism