Language Selection

English French German Italian Portuguese Spanish

SUSE

Should Red Hat be afraid of SUSE's Rancher acquisition?

Filed under
Red Hat
SUSE

SUSE, a major Linux and cloud company, finalized its acquisition of Rancher Labs earlier this year.. Rancher, formerly a privately held open-source company, had over 37,000 active users and 100-million downloads of its flagship Kubernetes management program, Rancher.

SUSE is putting Red Hat and other Kubernetes powerhouse companies on notice that they mean to be a Kubernetes giant as well.

Read more

openSUSE Release Team to Share Results from arm Survey in Online Meetup

Filed under
SUSE

Members of the openSUSE release team members will share results of openSUSE on arm during two separate online sessions on openSUSE’s Jisti instance Dec. 2.

The first session will be at 10:00 UTC and the second session at 16:00 UTC. Both sessions are expected to cover the same content and reach different time zones globally for those interested in attending.

Overall, there were almost 300 responses submitted. The core team to develop the survey wants to use the results as a baseline for future surveys about arm to help gauge trends about development efforts with openSUSE on arm architecture.

The results did offer some telling answers about the majority of openSuse use on arm. More than 4 out of 5 responses indicated they used AArch64, Raspberry Pi 3, Raspberry Pi 4, PinePhone and/or Pine64.

Read more

Also: Candidate slate for the openSUSE Board Election 2020

GNOME, KDE Frameworks, Mutt update in Tumbleweed

Filed under
KDE
GNOME
SUSE

Four openSUSE Tumbleweed snapshots have been released since last Thursday.

Only two packages came in the most recent 20201124 snapshot. Email client mutt had a version bump from 1.14.7 to 2.0.2; the new major release was not because of the magnitude of features but because a few changes are backward incompatible. There were some important changes highlighted like when using attach-file to browse and add multiple attachments to an email; quit can be used to exit after tagging the files. For the full list, read the release notes. The release also fixed a Common Vulnerabilities and Exposures that ensures the IMAP connection is closed after a connection error to avoid sending credentials over an unencrypted connection. The other package in the snapshot was the Ruby static code analyzer rubygem-rubocop. The updated 1.3.1 version offers multiple new features and fixes like reading the required_ruby_version from gemspec file if it exists.

Read more

Xfce Virtual Machine Images For Development

Filed under
SUSE

The openSUSE distributions offer a variety of graphical desktop environments, one of them being the popular and lightweight Xfce. Up to now there was the stable tested branch available in Tumbleweed already during install. Furthermore, for interested users the development OBS repository xfce:next offered a preview state of what’s coming up next to Tumbleweed.

Xfce Development in openSUSE

Thanks to the hard work of openSUSE’s Xfce team there is a third option: Xfce Development Repository aka RAT In a playful way, a rat is meant to represent the unpolished nature of this release: a rat is scruffy looking compared to a mouse (the cute and beloved mascot of Xfce). And the RAT repository provides packages automatically built right from the Git Master Branch of Xfce upstream development. The goal of this project is to test and preview the new software so that bugs can be spotted and fixed ahead of time by contributing upstream. The packages pull in source code state on a daily basis and offer a quite convenient way to test and eventually help development. So this is where the team builds and tests the latest and unstable releases of Xfce Desktop Environment for openSUSE.

Read more

Security Patches in OpenSUSE and SUSE

Filed under
Security
SUSE
  • Two Tumbleweed Snapshots update PostgreSQL, Mesa

    Snapshot 20201117 provides the latest update of packages for the rolling release. Among the packages to update was Mozilla Thunderbird to version 78.4.3; the email client updated a Rust patch and brought in a new feature from a previous minor version that prompts for an address to be used when starting an email from an address book entry with multiple addresses. KDE’s Plasma 5.20.3 stopped the loading of multiple versions of the same plugin in the task manager KSysGuard and there were many other bug fixes for Plasma users. Four months of shell scripts were updated in the hxtools 20201116 version; one of the changes to gpsh changed the tmp location to /var/tmp, which was to avoid saving potentially large files to tmpfs. The Linux Kernel made a jump from 5.9.1 to 5.9.8, which had a change for Btrfs as well as several USB changes. Database package postgresql 13 had its first point release to 13.1, which took care of three Common Vulnerabilities and Exposures and fixed a time test case so it works when the USA is not observing daylight-savings time. The graphical tool for administering virtual machines, virt-manager slimmed down the filesystem device editor User Interface. Text editor vim had a fix for when a crash happens when using a popup window with “latin1” encoding and python 3.8.6 took care of CVE-2019-20916.

  • Guardicore and SUSE partner to help you protect your critical applications - SUSE Communities

    Within the cybersecurity segment, Guardicore stands out from the crowd with its Guardicore Centra Platform disrupting the legacy firewall market by implementing micro-segmentation in your organization. Their software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security and visibility in the cloud, data-center, and endpoint. It also ensures security doesn’t slow you down and thanks to SUSE environments, it allows you to code and deploy on demand

IBM/Red Hat/SUSE Leftovers

Filed under
Red Hat
SUSE

  • Secure your containers with SELinux | Opensource.com

    When things aren't working correctly in your Linux environment, the easiest thing to do is disable Security-Enhanced Linux (SELinux). Things suddenly begin to work, and you forget about it—but this is a common pitfall that means you've lost a very powerful security tool.

    Threats are rising alongside the rise of containers, microservices, and distributed architecture. This is due to an old, well-known issue: velocity. The advantage of containers is that they enable you to move fast, do more, and change quickly. This means container adoption has gone off the roof, but the speed it affords also means you will encounter more issues and vulnerabilities. This happens naturally when you're doing more things faster and quicker.

  • How to fix Linux EFI secure-boot shim bootloop issue - Hans' hacking log — LiveJournal

    How to fix the Linux EFI secure-boot shim bootloop issue seen on some systems.

    Quite a few Bay- and Cherry-Trail based systems have bad firmware which completely ignores any efibootmgr set boot options. They basically completely reset the boot order doing some sort of auto-detection at boot. Some of these even will given an error about their eMMC not being bootable unless the ESP has a EFI/Microsoft/Boot/bootmgfw.efi file!

    Many of these end up booting EFI/Boot/bootx64.efi unconditionally every boot. This will cause a boot loop since when Linux is installed EFI/Boot/bootx64.efi is now shim. When shim is started with a path of EFI/Boot/bootx64.efi, shim will add a new efibootmgr entry pointing to EFI/fedora/shimx64.efi and then reset. The goal of this is so that the firmware's F12 bootmenu can be used to easily switch between Windows and Linux (without chainloading which breaks bitlocker). But since these bad EFI implementations ignore efibootmgr stuff, EFI/Boot/bootx64.efi shim will run again after the reset and we have a loop.

  • How security and compliance automation can help achieve a more secure hybrid cloud

    In hybrid cloud environments, where workloads are deployed in physical hosts, virtual machines and containers across on-premise and cloud environments, security becomes more and more complex. As a part of the AnsibleFest Virtual Experience, Lucy Kerner, a Red Hat security strategist and evangelist, and Justin Lacey, a Red Hat solution architect, led the breakout session "Implementing a secure hybrid cloud using security and compliance automation." The session highlighted a combination of Red Hat technologies that can help simplify and improve security and compliance in a hybrid cloud environment at scale using automation. Missed out on this session? We’re recapping some key points here.

  • Renewing my thrill at work with Ansible | Enable Sysadmin

    Ansible empowered me to utilize my own technical strengths and passion to improve processes and enjoy my time.

  • Using Multus and DataVolume in KubeVirt - Red Hat Developer

    KubeVirt is a cloud-native virtual machine management framework based on Kubernetes. KubeVirt orchestrates workloads running on virtual machines in the same way that Kubernetes does for containers. KubeVirt has many features for managing the network, storage, images, and the virtual machine itself. This article focuses on two mechanisms for configuring network and storage requirements: Multus-CNI and CDI DataVolumes. You will learn how to configure these KubeVirt features for use cases that require high performance, security, and scalability.

    [...]

    As a cloud-native virtual machine management framework, KubeVirt adopts cloud-native technologies alongside its own inventions. As a result, KubeVirt APIs and controllers support flexible and scalable virtual machine configurations and management that can integrate well with many technologies in the cloud-native ecosystem. This article focused on KubeVirt’s network and storage mechanisms. We look forward to sharing more exciting features in the future, including KubeVirt’s mechanisms for handling CPU, memory, and direct device access.

  • Addressing Modern IT Infrastructure Management with SUSE Manager and SUSE Manager for Retail

    Applications hide in containers, systems hide in other systems, new configurations appear and disappear with a single mouse click, and every file is a potential threat. It is no wonder that CIOs and IT managers are looking for new tools and a new approach that will bring harmony, safety and economy to precious IT assets in changing times. Welcome to the new world of IT infrastructure management.

  • SUSE Manager certified on Nutanix Acropolis Hypervisor

    Nutanix provides a fully software-defined stack that integrates compute, virtualization, storage, networking, and security to power any application at any scale. Nutanix Acropolis Hypervisor is their enterprise-ready hypervisor, offering integrated virtualization, app mobility, management, operational insights, and security.

    We are very excited that SUSE Manager is now certified on Nutanix Acropolis Hypervisor. As part of the Nutanix Ready Program SUSE Manager is now a recommended and trusted application. With this certification SUSE Manager can run confidently on Nutanix infrastructure.

$6 billion Linux deal? SUSE IPO rumored

Filed under
SUSE

According to Bloomberg, EQT is planning an IPO for German Linux and enterprise software company SUSE. EQT is a Swedish-based private equity firm with €50 billion in raised capital. SUSE is the leading European Union (EU) Linux distributor.

Over the years, SUSE has changed owners several times. First, it was acquired by Novell in 2004. Then, Attachmate, with some Microsoft funding, bought Novell and SUSE in 2010. This was followed in 2014 when Micro Focus purchased Attachmate and SUSE was spun off as an independent division. Then, EQT purchased SUSE from Micro Focus for $2.5 billion in March 2019.

With an IPO of approximately $6 billion, EQT would do very well for itself in very little time.

Read more

openSUSE Board Election 2020 announced

Filed under
SUSE

Yes, but this time, it is the regular board election that is happening. The previous elections that were conducted during the past year were due to ad-hoc and unforeseen circumstances. However, as per the regular election cycle, we have three seats that are going to be vacant on the openSUSE Board in December. They are the seats of Axel Braun, Marina Latini and Stasiek Michalski. Note that Stasiek was elected this year to replace Christian Boltz whose term ends in 2020. However, Stasiek is opting out from this election due to personal commitments.

My friend from the Election Committee, Ariez Vachha, made the election announcement on the project mailing list yesterday. The election wiki page has been updated accordingly, which includes the usual election schedule poster. That’s courtesy of our friends from the openSUSE Indonesia community.

Read more

MicroOS Is Immutable Linux

Filed under
OS
SUSE

Linux finds a lot of uses in computers that aren’t desktops. But there is a problem. What happens if your mission-critical control computer or retail kiosk gets an update and then fails? Happens all the time with Windows and it can happen with Linux, too. The openSUSE project has an answer: MicroOS which bills itself as immutable. Aimed at container deployment, the operating system promises atomic updates with no disk changes during runtime. If an update does break something, the BTRFS file system allows you to roll back to a previous snapshot. [Tyler] installs the OS and gives it a walkthrough in the video below.

As [Tyler] found, there are not many applications installed by default. Instead, you are expected to install flatpaks so the applications live in their own containers, isolated from the operating system and each other.

Of course, this isn’t for everyone. On the other hand, there is something seductive about having a computer that is very reliable even in the face of updates. Of course, you can do snapshots with BTRFS or ZFS anywhere those are supported, but unless you are very careful, you might have problems with dependencies for applications and the wrong update can still ruin your day. The OS supports GNOME or KDE, with system requirements that claim you can run it in 1GB of RAM and 20GB of disk space. We’d imagine you’ll be happier if you have more, of course.

Read more

New AppArmor 3, KDE Applications, GStreamer Update in Tumbleweed

Filed under
SUSE

Some minor email changes have affected the Tumbleweed snapshot reviewer, so reviewer ratings won’t be listed.

The latest snapshot, 20201111, updated a half dozen RubyGems. The 4.11.0 rubygem-mini_magick package fixed the fetching of metadata when there are GhostScript warnings and fixed some method redefined warnings. The rubygem-web-console 4.1.0 package update added support for Rails 6.1.

KDE Applications 20.08.3 arrived in snapshot 20201110. In the 20.08.3 apps update, a fix for Okular addressed a wrong memory access that could cause a crash and a fix for the fast scrolling with Shift+Scroll. Video editor kdenlive provided a fix for the monitor displayed frames per second with high fps values and fixed the playlist clips that had a no audio regression. There were several other app fixes and konsole provided an important fix for closing the split view with ‘Alt+C’. Mozilla Firefox 82.0.3 fixed regressions introduced in the pervious minor version and took care of a Common Vulnerabilities and Exposures, which in certain circumstances, the MCallGetProperty opcode would emit with unmet assumptions that could result in an exploitable use-after-free condition. GStreamer 1.18.1 provided some important security and memory leak fixes while providing various stability and reliability improvements. Hardware identification and configuration data package hwdata 0.341 updated the Peripheral Component Interconnect, USB and vendor identifications. The multi-purpose desktop calculator qalculate 3.14.0 improved the plot speed for functions that are defined using expressions. Other packages updated in the snapshot were libbluray 1.2.1, a month and a half of updates for libiscsi and udisks2 2.9.1.

An update of the Xfce file manager package thunar to version 1.8.16 was the lone update in snapshot 20201108. The newer version updated translations, fixed an error for custom date formats and added a missing parameter to the ThunarBrowserPokeDeviceFunc function.

Read more

Syndicate content

More in Tux Machines

Programming Leftovers

  • Ravgeet Dhillon: Offline Toast notification in Nuxt/Vue app

    We have often seen apps telling us that “You are offline. Check your network status.”. It is not only convenient to do so but adds to a great UX. In this blog, we will look at how can we display a toast notification in a Nuxt/Vue app whenever the user goes offline or online. This will also help us to understand how to use computed and watch properties together. [...] Hurray! Our toast notifications are working perfectly fine. So using the combined magic of computed and watch properties, we can create outstanding workflows and take our Nuxt/Vue app to next level. If you any doubts or appreciation for our team, let us know in the comments below. We would be happy to assist you.

  • Stephen Michael Kellat: Leveraging LaTeX In This Time

    From time to time I like to bring up fun adventures in LaTeX. In these stranges times in the United States it is important to look at somewhat practical applications beyond the normal reports and formal papers most people think of. With a Minimum Working Example we can mostly look at an idea. The Comprehensive TeX Archive Network has a package known as newspaper which is effectively subject to nominative determinism. You can make things with it that look like newspapers out of the 1940s-1960s in terms of layout. The page on CTAN shows nice examples of its use and provides a nice story as to why the package was created. The example source file on CTAN has a bug in it, though. We're going to make a new one based on it. I am also going to add but not yet utilize the markdown package to the example.

  • 2021.03 Course Topped – Rakudo Weekly News

    The course of the Raku Programming Language by Andrew Shitov made it to the top 20 of Hacker News and spurred quite a few comments. The first associated Grant Report was also published.

  • GCC 11 Is On The Final Stage Of Development With 60+ High Priority Regressions - Phoronix

    GCC 11 entered its final stage of development today as it works towards releasing around the end of Q1 / early Q2 if their past cadence holds up. Before GCC 11.1 can debut as the first stable version, there are some 60+ "P1" high priority regressions that need to be resolved or otherwise demoted to lesser priority regressions. GCC 11 release manager Richard Biener this morning announced GCC 11 is now in stage four development meaning only regression fixes and documentation fixes are allowed. As of this morning the code-base is at 62 P1 regressions, another 334 P2 regressions, 35 P3 regressions, and more than 200 regressions of the lower P4/P5 status.

Devices: Xtra-PC, Arduino and Inventor Coding Kit

  • Xtra-PC Reviews – Best Linux USB-Stick? - Product Review by Rick Finn

    The Xtra-PC Linux USB-Stick might be your solution if you have problems with your old and slow PC. It's a small flash drive stick and it's using Linux OS to boost you PC's operations. Check out now.

  • Arduino Blog » Old keyboard turned into a new children’s learning toy

    Peter Turczak’s toddler son loves “technical stuff,” especially things like keyboards and computers that adults use. After discussing this with other likeminded technical parents, the idea of giving new life to an old (PS/2 or AT) keyboard as a teaching tool was hatched.

  • SiFive Helping To Teach Kids Programming With RISC-V HiFive Inventor Coding Kit

    SiFive in cooperation with Tynker and BBC Learning have launched a Doctor Who themed HiFive Inventor Coding Kit. This Initial HiFive Inventor Coding Kit is intended to help kids as young as seven years of age get involved with computer programming through a variety of fun exercises and challenges involving the RISC-V powered mini computer and related peripherals like LED lighting and speaker control. [...] So for those looking to get their kids involved with computer programming and looking for an IoT-type device with some fun sensors and various themed exercises to get them experimenting, the HiFive Inventor Coding Kit is worth looking into further. More details on the programming platform can be found via Tynker.com and on the hardware at HiFiveInventor.com. The HiFive Inventor Kit is available from Amazon.com and other Internet retailers for $75 USD.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages… [...] The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution. It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertantly inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.

Audiocasts/Shows: Blender 2.91, Server Security, Linux in the Ham Shack and More