Language Selection

English French German Italian Portuguese Spanish

Gentoo

Redcore Linux Gives Gentoo a Nice Facelift

Filed under
Linux
Gentoo
Reviews

I like the overall look and feel of Redcore Linux. I generally do not use Gentoo-based Linux distros.

However, this distro does a good job of leveling the field of differences among competing Linux families. I especially like the way the LXQt and the KDE Plasma desktops have a noticeable common design that makes the Redcore distro stand out.

Read more

Attack on git signature verification via crafting multiple signatures

Filed under
Development
Gentoo
Security

This article shortly explains the historical git weakness regarding handling commits with multiple OpenPGP signatures in git older than v2.20. The method of creating such commits is presented, and the results of using them are described and analyzed.

Read more

Custom Linux Installations

Filed under
GNU
Linux
Gentoo
Debian

Customize your Linux installation and gain working knowledge of your system at the same time.

Most Linux users are content with a standard installation of their distribution of choice. However, many prefer a custom installation. They may simply prefer to do things their way without dozens of post-install tweaks. Others may want to know exactly what they are installing as a requirement for security. Still others may want a consistent installation for multiple machines or to learn more about their operating system step by step. Linux offers tools for all these purposes.

Admittedly, most of these tools are for major distributions. A survey of these tools shows that many are for time-tested distros like Debian or openSUSE. If you want a custom install of, say, KDE neon or Puppy Linux, you may not find a ready-made solution. But among the major distributions, you are like to find multiple solutions. Read on for some of the main options.

Read more

Calculate Linux 18.12 released

Filed under
Gentoo

We have a bunch of news for this last 2018 release. We have added support for installation on Btrfs with the zstd compression. All server editions have been optimized for size. Software can now be transferred when reinstalling the system. Our ISO images are packed in the zstd format to speed up the startup times for the LiveCD, applications and system installation.

Are available for download: Calculate Linux Desktop featuring the KDE (CLD), Cinnamon (CLDC), LXQt (CLDL), Mate (CLDM) or else Xfce (CLDX and CLDXE) environments, Calculate Directory Server (CDS), Calculate Linux Scratch (CLS) and Calculate Scratch Server (CSS).

Read more

Calculate Linux Desktop 18 LXQt released

Filed under
Gentoo

We are happy to announce the release of a new Calculate Linux Desktop flavour, featuring the LXQt desktop and therefore named CLDL. As well as other Calculates, it is backward compatible with Gentoo. As well as Gentoo, it uses Portage to install and manage packages. Our repository contains 13033 binary packages. The system boots with OpenRC. For network configuration, you have the choice between NetworkManager or OpenRC. For sound management, ALSA is suggested, PulseAudio is not needed.
CLDL is the fifth little one in the Calculate Linux Desktop family, providing a full-fledged workplace both in office and at home. This new distribution perfectly combines the advantages of Qt5, which is indeed the base for its interface, with the low system requirements of the Openbox window manager. CLDL is localized out-of-box in all standard European languages.

Read more

Elivepatch Progressing For Live Kernel Patching On Gentoo, Rolling To Other Distros

Filed under
Linux
Gentoo

Elivepatch is a distributed live kernel patching mechanism developed by the Gentoo crowd during GSoC 2017 and has continued to be developed. While it is still centered around Gentoo, there are ambitions to bring this open-source live kernel patching tech to other distributions.

Alice Ferrazzi as the Gentoo Kernel Project Leader has been central to the development of Elivepatch going back to its start almost two years ago and she presented on it last week at Linux Plumbers Conference 2018. Elivepatch builds upon the live-patching code in the mainline kernel but was motivated due to the different vendor solutions being quite limited. For example, Oracle with Ksplice only works with Oracle Linux kernels, some of the vendor solutions being closed-source, requiring other custom kernel bits, or lack long-term support.

Read more

Compartmentalized computing with CLIP OS

Filed under
OS
Gentoo

The design of CLIP OS 5 includes three elements: a bootloader, a core system, and the cages. The system uses secure boot with signed binaries. Only the x86 architecture was supported in the previous versions, and there are no other architectures in the plan for now. The core system is based on Hardened Gentoo. Finally, the cages provide user sessions, with applications and documents.

Processes running in separate cages cannot communicate directly. Instead, they must pass messages using special services on the core system; these services are unprivileged and confined on the cage system, but privileged on the core. These communication paths are shown in this architecture diagram from the documentation. Cages are also isolated from the core system itself — all interactions (system calls, for example) are checked and go through mediation services. The isolation between applications will be using containers, and the team plans to use the Flatpak format. The details of the CLIP OS 5 implementation are not available yet, as this feature is planned for the stable release.

A specific Linux security module (LSM) inspired from Linux-VServer will be used to add additional isolation between the cages, and between the cages and the core system. Linux-VServer is a virtual private server implementation designed for web hosting. It implements partitioning of a computer system in terms of CPU time, memory, the filesystem, and network addressing into security contexts. Starting and stopping a new virtual server corresponds to setting up and tearing down a security context.

Read more

Calculate Linux 18 released

Filed under
Gentoo

We are happy to announce the release of Calculate Linux 18!

In this latest version, Calculate Utilities were ported to Qt5, your network is managed in a different way, and binary packages get checked using their index signature.

Calculate Linux Desktop featuring KDE (CLD), Cinnamon (CLDC), Mate (CLDM), or Xfce (CLDX) environments, Calculate Linux Scratch (CLS), Calculate Directory Server (CDS) and Calculate Scratch Server (CSS) are available for download.

Read more

CLIP OS, Like Chrome OS, is Based on Gentoo

Filed under
Gentoo

ANSSI, the National Cybersecurity Agency of France, has released the sources of CLIP OS, that aims to build a hardened, multi-level operating system, based on the Linux kernel and a lot of free and open source software. We are happy to hear that it is based on Gentoo Hardened!

Read more

A brief discussion about package installation times in Gentoo Linux

Filed under
Gentoo

I thought that perhaps users of binary-based Linux distributions who are contemplating trying out the source-based distribution Gentoo Linux might be interested to know a bit about installation times in contrast to binary distributions. I am not going to go into great detail here; this is just to give interested people a quick idea of possible package installation times in Gentoo Linux.

The package manager of a binary-based distribution such as Ubuntu downloads and installs binary (i.e. pre-built) packages. On the other hand, Gentoo’s package manager Portage downloads source-code packages and builds the binaries (executables) on your machine. Nevertheless, a small number of Portage packages contain binaries rather than source code, either because the source code could take many hours to build on older hardware or because the source code is simply not available in the public domain. An example of the first scenario is Firefox, which is available in Gentoo both as the source code package www-client/firefox and as the binary package www-client/firefox-bin so that the user can choose which to install (‘merge’, in Gentoo parlance). An example of the second scenario is TeamViewer, which is only available as the binary package net-misc/teamviewer because TeamViewer is closed-source software (i.e. the company that develops TeamViewer does not release its source code).

Read more

Syndicate content

More in Tux Machines

How App Stores Are Addressing Fragmentation in the Linux Ecosystem

According to DistroWatch, 273 Linux distributions are currently active, with another 56 dormant and 521 discontinued. While some of these have shared underpinnings, it still makes for an extremely varied landscape for companies and developers. It means developers must create multiple versions of their applications to be able to provide their software to all Linux users or just address a fraction of the market. Also, developers require multiple versions of build tools, which inevitably results in significant resource overhead. Desktop application distribution is complex across all operating systems in general; in Linux, this is further compounded by such fragmentation and inter-dependencies both in the packaging and distribution of software. For example, Fedora uses the RPM packaging format, while Debian uses the .deb format. Moreover, packages built for one version of a Linux distribution are often incompatible with other versions of the same distribution and need to be built for each version separately. Read more

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

  • Open Source Security Podcast: Episode 161 - Human nature and ad powered open source

    Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source?

  • Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access

    Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post today. “Skidmap uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of LKM rootkits – given their capability to overwrite or modify parts of the kernel – makes it harder to clean compared to other malware,” the blog post states. “In addition, Skidmap has multiple ways to access affected machines, which allow it to reinfect systems that have been restored or cleaned up.”

  • Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload

    Cryptocurrency-mining malware is still a prevalent threat, as illustrated by our detections of this threat in the first half of 2019. Cybercriminals, too, increasingly explored new platforms and ways to further cash in on their malware — from mobile devices and Unix and Unix-like systems to servers and cloud environments. They also constantly hone their malware’s resilience against detection. Some, for instance, bundle their malware with a watchdog component that ensures that the illicit cryptocurrency mining activities persist in the infected machine, while others, affecting Linux-based systems, utilize an LD_PRELOAD-based userland rootkit to make their components undetectable by system monitoring tools.

Oracle launches completely autonomous operating system

Together, these two solutions provide automated patching, updates, and tuning. This includes 100 percent automatic daily security updates to the Linux kernel and user space library. In addition, patching can be done while the system is running, instead of a sysadmin having to take systems down to patch them. This reduces downtime and helps to eliminate some of the friction between developers and IT, explained Coekaerts. Read more

Software: Zotero, PulseCaster and Qt Port of SFXR

  • Zotero and LibreOffice

    If you’re working with LibreOffice and need to create a bibliography, this software makes it simple to manage your citations. You can tell how few people use LibreOffice’s Bibliography Database by the fact that a bug that would take 10 minutes to fix has survived since 2002. Instead, those who need bibliographies or citations rely on other software such as Zotero, which can be integrated into LibreOffice with an extension. That robust bug is that the Citation Format in the database table is called the Short Name in the input fields. Even more confusing, the examples give an arbitrary name, when to work with the citation insertion tool in Insert | Table of Contents and Index | Insert Bibliography Entry, it should in a standard form, such as (Byfield: 2016) for the MLA format. Add the fact that a single database is used for all files – an absurdity in these memory-rich days – and the neglect of the Bibliography Database is completely understandable.

  • PulseCaster 0.9 released!

    For starters, PulseCaster is now ported to Python 3. I used Python 3.6 and Python 3.7 to do the porting. Nothing in the code should be particular to either version, though. But you’ll need to have Python 3 installed to use it, as most Linux bistros do these days. Another enhancement is that PulseCaster now relies on the excellent pulsectl library for Python, by George Filipkin and Mike Kazantsev. Hats off to them for doing a great job, which allowed me to remove many, many lines of code from this release. Also, due the use of PyGObject3 in this release, there are numerous improvements that make it easier for me to hack on. Silly issues with the GLib mainloop and other entrance/exit stupidity are hopefully a bit better now. Also, the code for dealing with temporary files is now a bit less ugly. I still want to do more work on the overall design and interface, and have ideas. I’ve gotten way better at time management since the last series of releases and hope to do some of this over the USA holiday season this late fall and winter (but no promises).

  • SFXR Qt 1.3.0

    I just released version 1.3.0 of SFXR Qt, my Qt port of the SFXR sound effect generator.