Debian

EasyOS 2.1 Released, Which is Based on Debian 10 “Buster”

Filed under
Debian

EasyOS is an experimental distribution, which is designed from scratch to support containers.

Any app can run in a container; in fact, an entire desktop can run in a container. Container management is by a simple GUI named Easy Containers.

Easy Containers are extremely efficient, with almost no overhead — the base size of each container is only several KB.

man-db 2.8.7 and status of WebKitGTK in Debian

Filed under
Debian
  • man-db 2.8.7

    I’ve released man-db 2.8.7 (announcement, NEWS), and uploaded it to Debian unstable.

    There are a few things of note that I wanted to talk about here. Firstly, I made some further improvements to the seccomp sandbox originally introduced in 2.8.0. I do still think it’s correct to try to confine subprocesses this way as a defence against malicious documents, but it’s also been a pretty rough ride for some users, especially those who use various kinds of VPNs or antivirus programs that install themselves using /etc/ld.so.preload and cause other programs to perform additional system calls. As well as a few specific tweaks, a recent discussion on LWN reminded me that it would be better to make seccomp return EPERM rather than raising SIGSYS, since that’s easier to handle gracefully: in particular, it fixes an odd corner case related to glibc’s nscd handling.

  • The status of WebKitGTK in Debian

    Like all other major browser engines, WebKit is a project that evolves very fast with releases every few weeks containing new features and security fixes.

    WebKitGTK is available in Debian under the webkit2gtk name, and we are doing our best to provide the most up-to-date packages for as many users as possible.

    I would like to give a quick summary of the status of WebKitGTK in Debian: what you can expect and where you can find the packages.

Neptune 6.0 Linux Distro Released, It's Based on Debian GNU/Linux 10 "Buster"

Filed under
Debian

Dubbed "Spike," the Neptune 6.0 release is based on the Debian GNU/Linux 10 "Buster" operating system and powered by the Linux 4.19.37 kernel, which is patched with all the necessary hardware support for latest devices. It also ships with the KDE Plasma 5.14.5 desktop environment, which brings various improvements and new features over previous releases.

"Plasma Discover is able to upgrade hardware firmware now and features a more modern and polished look and feel," said the devs in the release announcement. "New improved desktop effects and handling of compositing in the window manager KWin result in a better more fluid user experience. The lockscreen is now invoked when changing users."

Ubuntu & Debian Moving Along With Plans For Removing Python 2 Packages

Filed under
Debian
Ubuntu

With Debian 10 "Buster" out the door and Python 2 hitting end-of-life at the end of the year, Debian is working on their process of removing Python 2 packages that don't get ported to Python 3 and Ubuntu is working on similar action for their Python 2 packages not found in upstream Debian.

Debian 10 will continue offering Python 2 support, but looking ahead, Debian 11 "Bullseye" and Ubuntu 20.04 LTS are where each distribution is respectively looking to do away with its older support and just focus on Python 3. With just a little more than five months to go until Python 2 will officially be retired, they are working on transitioning capable packages over to using Python 3 where able, and for unmaintained code it comes down to removing packages when there are no reverse dependencies.

Debian: Introducing Noir, miniDebConf19 Vaumarcus and New FAI.me Feature

Filed under
Debian
  • Introducing Noir

    Noir is a drop-in replacement for Black (the uncompromising code formatter), with the default line length set to PEP-8's preferred 79 characters. If you want to use it, just replace black with noir in your requirements.txt and/or setup.py and you're good to go.

    Black is a Python code formatter that reformats your code to make it more PEP-8 compliant. It implements a subset of PEP-8, most notably it deliberately ignores PEP-8's suggestion for a line length of 79 characters and defaults to a length of 88. I find the decision and the reasoning behind that somewhat arbitrary. PEP-8 is a good standard and there's a lot of value in having a style guide that is generally accepted and has a lot of tooling to support it.

    When people ask to change Black's default line length to 79, the issue is usually closed with a reference to the reasoning in the README. But Black's developers are at least aware of this controversial decision, as the only option Black offers for configuring the (otherwise uncompromising) code formatter is in fact the line length.

    Apart from that, Black is a good formatter that's gaining more and more popularity. And, of course, the developers have every right to follow their own taste. However, since Black is licensed under the terms of the MIT license, I tried to see what needs to be done in order to fix the line length issue.

  • miniDebConf19 Vaumarcus – Oct 25-27 2019 – Registration is open

    The Vaumarcus miniDebConf19 is happening! Come see the fantastic view from the shores of Lake Neuchâtel, in Switzerland! We’re going to have two-and-a-half days of presentations and hacking in this marvelous venue and anybody interested in Debian development is welcome.

  • New FAI.me feature

    FAI.me, the build service for installation and cloud images, has a new feature. When building an installation image, you can enable automatic reboot or shutdown at the end of the installation in the advanced options. This was implemented at the request of users who are using the service for their VM instances or computers without any keyboard connected.

Debian: No longer a “Universal” operating system

Filed under
Debian

The Debian project has removed support for the MIPS architecture. This is the latest CPU architecture to be removed from Debian, betraying their tagline of being “The Universal Operating System”.

I take issue not only with their removal of the MIPS architecture, but with their reasoning for doing it.

LWN: Spectre, Linux and Debian Development

Filed under
Linux
Debian
  • Grand Schemozzle: Spectre continues to haunt

    The Spectre v1 hardware vulnerability is often characterized as allowing array bounds checks to be bypassed via speculative execution. While that is true, it is not the full extent of the shenanigans allowed by this particular class of vulnerabilities. For a demonstration of that fact, one need look no further than the "SWAPGS vulnerability" known as CVE-2019-1125 to the wider world or as "Grand Schemozzle" to the select group of developers who addressed it in the Linux kernel.

    Segments are mostly an architectural relic from the earliest days of x86; to a great extent, they did not survive into the 64-bit era. That said, a few segments still exist for specific tasks; these include FS and GS. The most common use for GS in current Linux systems is for thread-local or CPU-local storage; in the kernel, the GS segment points into the per-CPU data area. User space is allowed to make its own use of GS; the arch_prctl() system call can be used to change its value.

    As one might expect, the kernel needs to take care to use its own GS pointer rather than something that user space came up with. The x86 architecture obligingly provides an instruction, SWAPGS, to make that relatively easy. On entry into the kernel, a SWAPGS instruction will exchange the current GS segment pointer with a known value (which is kept in a model-specific register); executing SWAPGS again before returning to user space will restore the user-space value. Some carefully placed SWAPGS instructions will thus prevent the kernel from ever running with anything other than its own GS pointer. Or so one would think.

  • Long-term get_user_pages() and truncate(): solved at last?

    Technologies like RDMA benefit from the ability to map file-backed pages into memory. This benefit extends to persistent-memory devices, where the backing store for the file can be mapped directly without the need to go through the kernel's page cache. There is a fundamental conflict, though, between mapping a file's backing store directly and letting the filesystem code modify that file's on-disk layout, especially when the mapping is held in place for a long time (as RDMA is wont to do). The problem seems intractable, but there may yet be a solution in the form of this patch set (marked "V1,000,002") from Ira Weiny.

    The problems raised by the intersection of mapping a file (via get_user_pages()), persistent memory, and layout changes by the filesystem were the topic of a contentious session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. The core question can be reduced to this: what should happen if one process calls truncate() while another has an active get_user_pages() mapping that pins some or all of that file's pages? If the filesystem actually truncates the file while leaving the pages mapped, data corruption will certainly ensue. The options discussed in the session were to either fail the truncate() call or to revoke the mapping, causing the process that mapped the pages to receive a SIGBUS signal if it tries to access them afterward. There were passionate proponents for both options, and no conclusion was reached.

    Weiny's new patch set resolves the question by causing an operation like truncate() to fail if long-term mappings exist on the file in question. But it also requires user space to jump through some hoops before such mappings can be created in the first place. This approach comes from the conclusion that, in the real world, there is no rational use case where somebody might want to truncate a file that has been pinned into place for use with RDMA, so there is no reason to make that operation work. There is ample reason, though, for preventing filesystem corruption and for informing an application that gets into such a situation that it has done something wrong.

  • Hardening the "file" utility for Debian

    In addition, he had already encountered problems with file running in environments with non-standard libraries that were loaded using the LD_PRELOAD environment variable. Those libraries can (and do) make system calls that the regular file binary does not make; the system calls were disallowed by the seccomp() filter.

    Building a Debian package often uses FakeRoot (or fakeroot) to run commands in a way that appears that they have root privileges for filesystem operations—without actually granting any extra privileges. That is done so that tarballs and the like can be created containing files with owners other than the user ID running the Debian packaging tools, for example. Fakeroot maintains a mapping of the "changes" made to owners, groups, and permissions for files so that it can report those to other tools that access them. It does so by interposing a library ahead of the GNU C library (glibc) to intercept file operations.

    In order to do its job, fakeroot spawns a daemon (faked) that is used to maintain the state of the changes that programs make inside of the fakeroot. The libfakeroot library that is loaded with LD_PRELOAD will then communicate to the daemon via either System V (sysv) interprocess communication (IPC) calls or by using TCP/IP. Biedl referred to a bug report in his message, where Helmut Grohne had reported a problem with running file inside a fakeroot.

Debian and Ubuntu Leftovers

Filed under
Debian
Ubuntu
  • Joey Hess: releasing two haskell libraries in one day: libmodbus and git-lfs

    The first library is a libmodbus binding in haskell.

    There are a couple of other haskell modbus libraries, but none that support serial communication out of the box. I've been using a python library to talk to my solar charge controller, but it is not great at dealing with the slightly flakey interface. The libmodbus C library has features that make it more robust, and it also supports fast batched reads.

    So a haskell interface to it seemed worth starting while I was doing laundry, and then for some reason it seemed worth writing a whole bunch more FFIs that I may never use, so it covers libmodbus fairly extensively. 660 lines of code all told.

    Writing a good binding to a C library has art to it. I've seen ones that are so close you feel you're writing C and not haskell. On the other hand, some are so far removed from the underlying library that its documentation does not carry over at all.

    I tried to strike a balance. Same function names so the extensive libmodbus documentation is easy to refer to while using it, but plenty of haskell data types so you won't mix up the parity with the stop bits.

  • Misc Developer News (#49)
    The news are collected on https://wiki.debian.org/DeveloperNews
    Please contribute short news about your work/plans/subproject.
    
    In this issue:
     + Self-service buildd givebacks
     + Removal of the mips architecture
     + Superficial package testing
     + Debian Developers Reference now maintained as ReStructuredText
     + Scope of debian-mentors broadened to help with infrastructure questions
     + Hiding package tracker action items
    
    Self-service buildd givebacks
    -----------------------------
    
     Philipp Kern has created[1] an *experimental* service that allows Debian
     members to perform self-service retries of failed package builds (aka
     give-backs). This service aims to reduce the time it takes for give-back
     requests to be processed, which was done manually by the wanna-build
     admins until now. The service is authenticated using the Debian Single
     Signon[2] service. Debian members are still expected to act responsibly
     when looking at build failures; do your due diligence and try reproducing
     the issue on a porterbox first. Access to this service is logged and logs
     will be audited by the admins.
    
  • Debian Guts Support For Old MIPS CPUs

    Debian developers have decided to remove the 32-bit MIPS big-endian architecture. Debian will continue to maintain MIPSEL and MIPS64EL but the older 32-bit big-endian variant of MIPS will be no more. Debian developers decided to drop the older 32-bit BE support due to it being limited to 2GB of virtual address space and it being one of the remaining holdouts of big endian architectures for Debian. Not to mention, there hasn't been much interest in the older MIPS 32-bit BE target in a while either.

  • Alpha: Self-service buildd givebacks

    Builds on Debian's build farm sometimes fail transiently. Sometimes those failures are legitimate flakes, for instance when an in-progress build happens to exhaust its resources because of other builds on the same machine. Until now, you always needed to mail the buildd, wanna-build admins or the Release Team directly in order to get the builds re-queued.

    As an alpha trial I implemented self-service givebacks as a web script. As SSO for Debian developers is now a thing, it is trivial to add authentication in a way that a role account can use to act on your behalf. While at work this would all be an RPC service, I figured that a little CGI script would do the job just as well.

  • Linux Mint 19.2 Cinnamon Edition – Ships With Cinnamon 4.2 and Uses Ubuntu 18.04 LTS Package Base

    Linux Mint 19.2 has been released and announced by the Linux Mint Project. It is now available to download in Cinnamon, Mate and Xfce editions for both 32-bit and 64-bit architectures. It’s powered by the Linux 4.15 kernel and uses the Ubuntu 18.04 LTS package base, which will be supported for five years until 2023.

    The Linux Mint 19.2 Cinnamon edition features the latest version of the Cinnamon desktop, 4.2, with new features and updates. Although the amount of RAM consumed by Cinnamon largely depends on the video driver, Cinnamon uses significantly less RAM than before. The application menu is faster and it now identifies and distinguishes duplicates. If two applications have the same name, the menu will show more information about them. Scrollbars are now configurable and the Nemo file manager supports pinning files and folders.

  • Jupyter looks to distro-agnostic packaging for the democratisation of installation

    When users of your application range from high school students to expert data scientists, it’s often wise to avoid any assumptions about their system configurations. The Jupyter Notebook is popular with a diverse user base, enabling the creation and sharing of documents containing live code, visualisations, and narrative text. The app uses processes (kernels) to run interactive code in different programming languages and send output back to the user. Filipe Fernandes has a key responsibility for Jupyter packaging and ease of installation. At the 2019 Snapcraft Summit in Montreal, he gave us his impressions of snaps as a tool to improve the experience for all concerned.

    “I’m a packager and a hacker, and I’m also a Jupyter user. I find Jupyter to be great as a teaching tool. Others use it for data cleaning and analysis, numerical simulation and modelling, or machine learning, for example. One of the strengths of Jupyter is that it is effectively language agnostic. I wanted Jupyter packaging to be similar, distro-agnostic, if you like.”

    Filipe had heard about snaps a while back, but only really discovered their potential after he received an invitation to the Snapcraft Summit and noticed that Microsoft Visual Studio Code had recently become available as a snap. The ease of use of snaps was a big factor for him. “I like things that just work. I often get hauled in to sort out installation problems for other users – including members of my own family! It’s great to be able to tell them just to use the snap version of an application. It’s like, I snap my fingers and the install problems disappear!”

Netrunner 19.08 – Indigo released

Filed under
KDE
Debian

The Netrunner Team is happy to announce the immediate availability of Netrunner 19.08 Indigo – 64bit ISO.

This time Netrunner 19.08 ships with a brand new Look and Feel called Indigo, which features the identically named color as its main attraction. The mixture of darker blue and lighter blue together with a classic white-like gray creates a pleasant look that matches the Breeze Icon theme without distracting your eyes. The new red colored cursor (RED-Theme) has a slight retro vibe to it and makes it easy to quickly find the cursor on the screen and never really lose track of it. As always we provide a wonderfully drafted wallpaper which fits the overall design of the desktop.

Also: Netrunner 19.08 Released For Delivering A Clean KDE Experience Atop Debian 10

Dualboot Ubuntu 19.04 and Debian 10 on a 32GB USB Stick

Filed under
Debian
Ubuntu

Ubuntu 19.04, or Disco Dingo, and Debian 10, or Buster, are the two latest versions in 2019 of two of the most popular GNU/Linux distros, which I already wrote about here and here. This tutorial explains, in a simple way, the dualboot installation procedure for the Ubuntu Disco Dingo and Debian Buster operating systems onto a portable USB Flash Drive. There are 2 advantages of this kind of portable dualbooting: first, it's safer for your data on the internal HDD, and second, you can bring both OSes with you everywhere you go. You will prepare the partitions first, then install Ubuntu, and then install Debian, and finally finish up the GRUB bootloader, and enjoy. Go ahead!

More in Tux Machines

Industrial PC with 6th or 7th Gen Intel CPUs has four PCIe slots for Nvidia graphics

Axiomtek’s “IPC974-519-FL” industrial PC for AI edge applications runs on Xeon E3 or 6th or 7th Gen Core CPUs and offers 4x PCIe/PCI slots for up to 300W Nvidia graphics plus 2x SATA, 2x GbE, and modular I/O expansion. Axiomtek announced the latest member in its line of IPC (industrial PC) computers with full-sized PCIe/PCI expansion slots. The new IPC974-519-FL computer is very similar to the IPC962-511-FL we reported on last February, which similarly supports Intel Xeon E3 or 6th Gen (Skylake) or 7th Gen (Kaby Lake) Core CPUs. However, the new model has four PCIe/PCI expansion slots instead of two.

Android Leftovers

Red Hat Enterprise Linux 6 and CentOS 6 Receive Important Kernel Security Update

Marked by the Red Hat Product Security team as having a security impact of "Important," the new Linux kernel security update is here to patch a memory corruption (CVE-2018-9568) that occurred due to incorrect socket cloning and a NULL pointer dereference (CVE-2019-11810) discovered in drivers/scsi/megaraid/megaraid_sas_base.c, which could lead to a denial of service. Also fixed in this update are two bugs affecting the performance of the Linux kernel on Red Hat Enterprise Linux 6 and CentOS Linux 6 systems, namely a fragmented packets timing out issue and the backport TCP follow-up for small buffers. These two bugs can be corrected if you install the new kernel versions for your operating system.

CAN-Bus HAT for Raspberry Pi 4 offers RTC and wide-range power

Copperhill’s third-gen, $65 “PiCAN3” HAT features Raspberry Pi 4 support and a SocketCAN-ready CAN-Bus 2.0B port. The HAT has an RTC and is powered by a 3A, 6-20V Switch Mode Power Supply that can also power the Pi. Copperhill Technologies has launched a CAN-Bus HAT for the Raspberry Pi 4 Model B designed for industrial and automotive applications. Like the PiCAN2, which we briefly covered last year as part of our report on Network Sorcery’s UCAN software for CAN-equipped Raspberry Pi boards, the HAT is equipped with a Microchip MCP2515 CAN controller and MCP2551 CAN transceiver.