Language Selection

English French German Italian Portuguese Spanish

Red Hat

Journey of a Linux DevOps engineer

Filed under
GNU
Linux
Red Hat
Server

After navigating the streets of Manhattan and finding a parking spot, we walked down the block to what turned out to be a large bookstore. You've seen bookstores like this on TV and in the movies. It looks small from the outside, but once you walk in, the store is endless. Walls of books, sliding ladders, tables with books piled high—it was pretty incredible, especially for someone like me who also loves reading.

But in this particular store, there was something curious going on. One of the tables was surrounded by adults, awed and whispering among each other. Unsure of what was going on, we approached. After pushing through the crowd, I saw something that drew me in immediately. On the table, surrounded by books, was a small grey box—the Apple Macintosh. It was on, but no one dared approach it—no one, that is, except me. I was drawn like a magnet, immediately grokking that the small puck-like device moved the pointer on the screen. Adults gasped and murmured, but I ignored them all and delved into the unknown. The year was, I believe, 1984.

Somewhere around the same time, though likely a couple of years before, my father brought home a TI-99/4A computer. From what I remember, the TI had just been released, so this had to be somewhere around 1982. This machine served as the catalyst for my love of computer technology and was one of the first machines I ever cut code on.

My father tells a story about when I first started programming. He had been working on an inventory database, written from scratch, that he had built for his job. I would spend hours looking over his shoulder, absorbing everything I saw. One time, he finished coding, saved the code, and started typing the command to run his code ("RUN"). According to him, I stopped him with a comment that his code was going to fail. Ignoring me, as I was only five or six at the time, he ran the code, and, as I had predicted, it failed. He looked at me with awe, and I merely looked back and replied, "GOSUB but no RETURN."

Read more

Also: Authorizing multi-language microservices with Louketo Proxy

IBM/Red Hat/Fedora Leftovers

Filed under
Red Hat

20 CentOS Server Hardening Security Tips – Part 1

Filed under
OS
Red Hat

This tutorial only covers general security tips for CentOS 8/7 which can be used to harden the system. The checklist tips are intended to be used mostly on various types of bare-metal servers or on machines (physical or virtual) that provide network services.

However, some of the tips can be successfully applied to general-purpose machines too, such as Desktops, Laptops, and card-sized single-board computers (Raspberry Pi).

Read more

Also: 23 CentOS Server Hardening Security Tips – Part 2

Systemd 246 Released With Many Changes

Filed under
Linux
Red Hat

Systemd 246 is out today as the newest version of this dominant Linux init system and system/service manager. Systemd 246 has a lot of new functionality in time for making it into at least some of the autumn 2020 Linux distributions.

Read more

RHEL and CentOS 7 Receive Important Kernel Security Update, Patch Now

Filed under
Red Hat
Security

RHEL (Red Hat Enterprise Linux) 7 and CentOS 7 operating system series received an important Linux kernel security and bug fix update that addressees four vulnerabilities and several other issues.

Probably the most important vulnerability patched in this new Linux kernel security update for RHEL and CentOS 7 systems is a flaw (CVE-2020-10757) discovered in the way mremap handled DAX Huge Pages, which could allow a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Also important is the buffer overflow (CVE-2020-12653) discovered in Linux kernel’s Marvell WiFi-Ex driver, which could allow a local user to escalate their privileges on the system. This was patched as well in the new kernel security update, but you can protect yourself by blacklisting the mwifiex kernel module.

Read more

Red Hat: Malwarebytes, 'Cloud', Partners and Buzzwords

Filed under
Red Hat
  • Malwarebytes Achieves Red Hat Enterprise Linux 8 Certification for Endpoint Protection

    Malwarebytes™, a leading provider of advanced endpoint protection and remediation solutions, today announced that it has achieved Red Hat Enterprise Linux 8 certification for its Malwarebytes Endpoint Protection for Servers product. This key certification gives users the confidence that they may more easily configure and deploy the product within Red Hat Enterprise Linux 8 environments.

    [...]

    Red Hat Enterprise Linux 8 is the world's leading enterprise Linux platform, designed to span the breadth of deployments across enterprise IT. For nearly any workload running on any environment, Red Hat Enterprise Linux 8 delivers one enterprise Linux experience to meet the unique technology needs of evolving enterprises in hybrid cloud environments. As part of the Red Hat partner ecosystem, Malwarebytes Endpoint Protection for Servers has proven that it can seamlessly deploy and operate within Red Hat Enterprise Linux ecosystems.

  • Defining cloud native, expanding the ecosystem, and more industry trends

    The impact: More and more companies are embracing the idea that there are customer problems they just can't solve without help. Maybe that reduces the money that can be made from each individual customer as it expands the opportunities to engage more broadly into more problem spaces.

  • Red Hat partners pave the way for future success & growth

    It’s hard to believe that we are already halfway through the year, and what a year it has been. Thank you to all of our partners for their contributions to drive success for our clients and for demonstrating impressive flexibility and creativity during these difficult times. While this year has certainly been one of continuous change and new challenges, I would like to take the opportunity to reflect on the momentum and innovation seen across our partner ecosystem thus far.

    As the marketplace continues to evolve in response to the global pandemic, the need for agility, automation and security in technology has become paramount for the enterprise. Additionally, we are experiencing a new age of organizational change and virtualization as people look for different ways of collaborating and staying connected. We were thrilled to have more than 10,000 members of our partner ecosystem register for the recent Red Hat Summit 2020 Virtual Experience, a testament to the dedication of our partners to the open source community.

  • How close are we to 5G edge cloud?

    New, enhanced, and useful customer experiences are vital to the successful adoption and monetization of new 5G services.

    As millions more devices connect to their networks, telecommunications service providers are migrating from hardware-based network appliances to virtualized infrastructure to enable them to rapidly and economically scale to meet ever increasing demands from customers.

    To deliver reliable 5G services, one way operators can improve application performance and reduce latency is by extending telco cloud infrastructure from their network core to the edge: closer to customers, devices, and data sources.

Snap vs. Flatpak vs. AppImage: Know The Differences, Which is Better

Filed under
Red Hat
Ubuntu

Each of the three distribution independent package formats discussed above has its advantage and disadvantages. I think there are still some improvements by each of them to make any of them the main package format for Linux distributions. Luckily, all these package formats can co-exist. You don’t have to stick to a particular package format when you can enjoy software from different package formats.

Read more

IBM/Red Hat/Fedora: OpenPOWER Foundation, Tim Hildred's Report and Fedora 33 Making Progress With Their Btrfs-By-Default

Filed under
Red Hat

  • Welcome Antmicro to the OpenPOWER Foundation

    This May, Antmicro announced support for the POWER ISA in Renode, its open source, multi-architecture, heterogeneous multi-core capable simulator for software development and software-hardware co-development.

    It’s an exciting development, as developers can now test applications based on the POWER ISA before running them on actual hardware. It’s an important step in achieving the vision of the OpenPOWER Foundation – to make POWER the easiest architecture on which to go from an idea to a silicon chip.

  • Getting started as an open source builder and more industry trends

    As part of my role as a principal communication strategist at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are three of my and their favorite articles from that update.

  • Fedora 33 Making Progress With Their Btrfs-By-Default On The Desktop

    A progress report was shared today on the work towards making the Btrfs file-system the default choice for the desktop spins of the upcoming Fedora 33. 

    While the Fedora Engineering and Steering Committee has already approved using Btrfs for desktop spins by default with Fedora 33, a lot of work still is being done to make that a reality for the debut of F33 this autumn. 

IBM/Red Hat/Fedora: Open(washing) Mainframe Project, Christof Damian's (Fedora) Desk, Podman 2.0 and GNOME Internet Radio Locator 3.0.2 on F32

Filed under
Red Hat

  • Open Mainframe Project Unveils Major Technical Milestone with Zowe’s Long Term Support Release

    The Open Mainframe Project has announced that Zowe, an open source software framework for the mainframe that strengthens integration with modern enterprise applications, has marked a technical milestone with the first Long Term Support (LTS) release.

    The Open Mainframe Project launched Zowe, an open source project based on z/OS, in 2018 to serve as an integration platform for the next generation of administration, management and development tools on z/OS mainframes. The Zowe framework uses the latest web technologies among products and solutions from multiple vendors. Zowe enables developers to use familiar, industry-standard, open source tools to access mainframe resources and services.

    “Mainframes are the foundation of businesses in every industry,” said John Mertic, director of program management for the Linux Foundation and Open Mainframe Project. “Zowe continues to evolve rapidly due to numerous contributions from the open source community. The LTS release is our first major step into longevity and security that will offer innovative possibilities for the next generation of products and solutions.”

  • Christof Damian: My Workspace

    I like looking at pictures of other people's office set-ups. With most people working from home at the moment you see more and more nice workspaces especially tuned for video conferencing.
    I was lucky enough to have a space and a reasonable set-up already. By chance I also had ordered bits and pieces before everything was sold out on Amazon.
    There are a few things I still want to improve. The light is not ideal for video conferencing and I am also going to try a separate microphone for better sound.

  • Improved systemd integration with Podman 2.0

    Podman is known for its tight and seamless integration into Linux systems. Staying true to the "containers are Linux" philosophy, we make containerization as easy as possible. A core component of modern Linux systems is systemd, which is the de-facto standard for managing services and their dependencies. Early on, we realized that a seamless integration of Podman and systemd is important to our users.

  • GNOME Internet Radio Locator 3.0.2 for Fedora Core 32

    GNOME Internet Radio Locator 3.0.2 features updated language translations, new, improved map marker palette and now also includes radio from Washington, United States of America; WAMU/NPR, London, United Kingdom; BBC World Service, Berlin, Germany; Radio Eins, Norway; NRK, and Paris, France; France Inter/Info/Culture, as well as 118 other radio stations from around the world with audio streaming implemented through GStreamer.

IBM/Red Hat/Fedora: IBM Competitions, Red Hat Insights, Fedora Call for Participation

Filed under
Red Hat

  • Call for Code Daily: submission deadline, resources, and innovation

    The power of Call for Code® is in the global community that we have built around this major #TechforGood initiative. Whether it is the deployments that are underway across pivotal projects, developers leveraging the starter kits in the cloud, or ecosystem partners joining the fight, everyone has a story to tell. Call for Code Daily highlights all the amazing #TechforGood stories taking place around the world. Every day, you can count on us to share these stories with you. Check out the stories from the week of July 20th:

  • Submit your entries: NLC2CMD competition at NeurIPS 2020 is now open

    The NLC2CMD (English to Bash) Competition at NeurIPS 2020 is now officially open for entries. The event is comprised of two main parts: the NLC2CMD Competition for automatic translation of English to Bash, and the NLC2CMD Challenge for gathering data related to such translations.

    The NLC2CMD Competition solicits entries that can translate a given natural language utterance into a command to be executed on the Bash terminal shell. For example, “show me a list of all files” should produce something similar to “ls” as the predicted command. The competition features two tracks: The first is the accuracy track, which is measured in terms of whether the right utility (for example, “ls”) is predicted, along with the correct flags required for it to complete the required task. Full details of the metric used for evaluation in the accuracy track can be found here. The second track is the efficiency track — energy efficiency is increasingly an important consideration for AI and Machine Learning models, and the aim of this track is to encourage systems that are judicious in their energy consumption. The competition is hosted on the EvalAI platform.

  • Red Hat Insights: compliance

    In simple terms, compliance means adherence to rules or fulfillment of specifications. Accordingly, you need a guideline with a set of rules against which you can align your systems. The first step, therefore, is to create a compliance policy. Until you have done so, there is nothing to see in the Insights dashboard (see Fig. 1).

  • Fedora program update: 2020-30

    Here’s your report of what has happened in Fedora this week. The Nest With Fedora Call for Participation is now open.

    I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

Syndicate content

More in Tux Machines

Best Torrent Clients for Linux

This article will cover various free and open source Torrent clients available for Linux. The torrents clients featured below have nearly identical feature sets. These features include support for magnet links, bandwidth control tools, tracker editing, encryption support, scheduled downloading, directory watching, webseed downloads, peer management, port forwarding and proxy management. Unique features of individual torrents clients are stated in their respective headings below. Read more

Audiocasts/Shows: Adding And Removing Swap Files Is Easy In Linux, Linux Action News, Open Source Security Poscast

  • Adding And Removing Swap Files Is Easy In Linux
  • Linux Action News 155

    We try out the new GNOME "Orbis" release and chat about Microsoft's new Linux kernel patches that make it clear Windows 10 is on the path to a hybrid Windows/Linux system. Plus, the major re-architecture work underway for Chrome OS with significant ramifications for Desktop Linux.

  •        
  • Open Source Security Poscast Episode 216 – Security didn’t find life on Venus

    Josh and Kurt talk about how we talk about what we do in the context of life on Venus. We didn’t really discover life on Venus, we discovered a gas that could be created by life on Venus. The world didn’t hear that though. We have a similar communication problem in security. How often are your words misunderstood?

Matthias Clasen: GtkColumnView

One thing that I left unfinished in my recent series on list views and models in GTK 4 is a detailed look at GtkColumnView. This will easily be the most complicated part of the series. We are entering into the heartland of GtkTreeView—anything aiming to replace most its features will be a complicated beast. Read more Also: Oculus Rift CV1 progress

AMD and Intel (x86) in Linux

  • Linux 5.10 Adding Support For AMD Zen 3 CPU Temperature Monitoring

    The next version of the Linux kernel will allow monitoring temperatures of the upcoming AMD Zen 3 processors. While CPU temperature monitoring support may seem mundane and not newsworthy, what makes this Zen 3 support genuinely interesting is that it's coming pre-launch... This is the first time in the AMD Zen era we are seeing CPU temperature reporting added to the Linux driver pre-launch. Not only is it coming ahead of the CPUs hitting retail channels but the support was added by AMD engineers.

  • FFmpeg Now Supports GPU Inference With Intel's OpenVINO

    Earlier this summer Intel engineers added an OpenVINO back-end to the FFmpeg multimedia framework. OpenVINO as a toolkit for optimized neural network performance on Intel hardware was added to FFmpeg for the same reasons there is TensorFlow and others also supported -- support for DNN-based video filters and other deep learning processing.

  • Intel SGX Enclave Support Sent Out For Linux A 38th Time

    For years now Intel Linux developers have been working on getting their Software Guard Extensions (SGX) support and new SGX Enclave driver upstreamed into the kernel. SGX has been around since Skylake but security concerns and other technical reasons have held up this "SGX Foundations" support from being mainlined. There has also been an apparent lack of enthusiasm by non-Intel upstream kernel developers in SGX. This past week saw the 38th revision to the patches in their quest to upstreaming this support for handling the Memory Encryption Engine (MEE) and relates SGX infrastructure. [...] The Intel SGX foundations v38 code can be found via the kernel mailing list. The Linux 5.10 merge window is opening up next month but remains to be seen if it will be queued for this next cycle or further dragged out into 2021.

  • Intel SGX foundations
    Intel(R) SGX is a set of CPU instructions that can be used by applications
    to set aside private regions of code and data. The code outside the enclave
    is disallowed to access the memory inside the enclave by the CPU access
    control.
    
    There is a new hardware unit in the processor called Memory Encryption
    Engine (MEE) starting from the Skylake microacrhitecture. BIOS can define
    one or many MEE regions that can hold enclave data by configuring them with
    PRMRR registers.
    
    The MEE automatically encrypts the data leaving the processor package to
    the MEE regions. The data is encrypted using a random key whose life-time
    is exactly one power cycle.
    
    The current implementation requires that the firmware sets
    IA32_SGXLEPUBKEYHASH* MSRs as writable so that ultimately the kernel can
    decide what enclaves it wants run. The implementation does not create
    any bottlenecks to support read-only MSRs later on.
    
    You can tell if your CPU supports SGX by looking into /proc/cpuinfo:
    
    	cat /proc/cpuinfo  | grep sgx