Language Selection

English French German Italian Portuguese Spanish

Linux

EndeavourOS Aims to Fill the Void Left by Antergos in Arch Linux World

Filed under
GNU
Linux

According to the project’s site, EndeavourOS came into existence because people in the Antergos community wanted to keep the spirit of Antergos alive. Their goal was simply to “have Arch installed with an easy to use installer and a friendly, helpful community to fall back on during the journey to master the system”.

Unlike many Arch-based distros, EndeavourOS is intending to work like vanilla Arch, “so no one-click solutions to install your favorite app or a bunch of preinstalled apps you’ll eventually don’t need”. For most people, especially those new to Linux and Arch, there will be a learning curve, but EndeavourOS aims to have a large friendly community where people are encouraged to ask questions and learn about their systems.

Read more

A Quick Comparison between Deepin, Mint, and Elementary

Filed under
GNU
Linux

I tried to make this article to help everybody find a desktop choice among Deepin, Mint, and Elementary operating systems. I select them because they are solely focused on desktop and have developed their own user interface. They are all GNU/Linux systems from Debian family, but with several distinctions you may love to see. For example, they differ on their own file managers, user interface layouts and built-in apps and several more things. You will also find which one still supports 32-bit PC nowadays, which one supports Flatpak by default, and more. Finally, I wish you can empower your PC and laptop with one of them. Enjoy!

Read more

Copying files in Linux

Filed under
Linux

Copying documents used to require a dedicated staff member in offices, and then a dedicated machine. Today, copying is a task computer users do without a second thought. Copying data on a computer is so trivial that copies are made without you realizing it, such as when dragging a file to an external drive.

The concept that digital entities are trivial to reproduce is pervasive, so most modern computerists don’t think about the options available for duplicating their work. And yet, there are several different ways to copy a file on Linux. Each method has nuanced features that might benefit you, depending on what you need to get done.

Read more

Servers, SUSE, Red Hat and Fedora

Filed under
GNU
Linux
Red Hat
Server
SUSE
  • My Favorite Infrastructure

    PCI policy pays a lot of attention to systems that manage sensitive cardholder data. These systems are labeled as "in scope", which means they must comply with PCI-DSS standards. This scope extends to systems that interact with these sensitive systems, and there is a strong emphasis on compartmentation—separating and isolating the systems that are in scope from the rest of the systems, so you can put tight controls on their network access, including which administrators can access them and how.

    Our architecture started with a strict separation between development and production environments. In a traditional data center, you might accomplish this by using separate physical network and server equipment (or using abstractions to virtualize the separation). In the case of cloud providers, one of the easiest, safest and most portable ways to do it is by using completely separate accounts for each environment. In this way, there's no risk that a misconfiguration would expose production to development, and it has a side benefit of making it easy to calculate how much each environment is costing you per month.

    When it came to the actual server architecture, we divided servers into individual roles and gave them generic role-based names. We then took advantage of the Virtual Private Cloud feature in Amazon Web Services to isolate each of these roles into its own subnet, so we could isolate each type of server from others and tightly control access between them.

    By default, Virtual Private Cloud servers are either in the DMZ and have public IP addresses, or they have only internal addresses. We opted to put as few servers as possible in the DMZ, so most servers in the environment only had a private IP address. We intentionally did not set up a gateway server that routed all of these servers' traffic to the internet—their isolation from the internet was a feature!

    Of course, some internal servers did need some internet access. For those servers, it was only to talk to a small number of external web services. We set up a series of HTTP proxies in the DMZ that handled different use cases and had strict whitelists in place. That way we could restrict internet access from outside the host itself to just the sites it needed, while also not having to worry about collecting lists of IP blocks for a particular service (particularly challenging these days since everyone uses cloud servers).

    [...]

    Although I covered a lot of ground in this infrastructure write-up, I still covered only a lot of the higher-level details. For instance, deploying a fault-tolerant, scalable Postgres database could be an article all by itself. I also didn't talk much about the extensive documentation I wrote that, much like my articles in Linux Journal, walks the reader through how to use all of these tools we built.

    As I mentioned at the beginning of this article, this is only an example of an infrastructure design that I found worked well for me with my constraints. Your constraints might be different and might lead to a different design. The goal here is to provide you with one successful approach, so you might be inspired to adapt it to your own needs.

  • A Blunt Reminder About Security for Embedded Computing

    The ICS Advisory (ICSA-19-211-01) released on July 30th by the Cybersecurity and Infrastructure Security Agency (CISA) is chilling to read. According to the documentation, VxWorks is “exploitable remotely” and requires “low skill level to exploit.” Elaborating further, CISA risk assessment concludes, “Successful exploitation of these vulnerabilities could allow remote code execution.”
    The potential consequences of this security breech are astounding to measure, particularly when I look back on my own personal experiences in this space, and now as an Account Executive for Embedded Systems here at SUSE.

    [...]

    At the time, VxWorks was the standard go-to OS in the majority of the embedded production platforms I worked with. It was an ideal way to replace the legacy stove-piped platforms with an Open Architecture (OA) COTS solution. In light of the recent CISA warning, however, it is concerning to know that many of those affected systems processed highly-classified intelligence data at home and abroad.

  • Red Hat Recognized as a Leader by Independent Research Firm in Infrastructure Automation Platforms Evaluation [Ed: Forrester is not “Independent Research Firm”; It’s taking bribes to lie.]
  • Why Red Hat can take over the cloud sooner than you think
  • Red Hat Enterprise Linux 7.7: Final Full Support Update
  • Transport Layer Security version 1.3 in Red Hat Enterprise Linux 8

    TLS 1.3 is the sixth iteration of the Secure Sockets Layer (SSL) protocol. Originally designed by Netscape in the mid-1990’s to serve the purposes of online shopping, it quickly became the primary security protocol of the Internet. Now not limited just to web browsing, among other things, it secures email transfers, database accesses or business to business communication.

    Because it had its roots in the early days of public cryptography, when public knowledge about securely designing cryptographic protocols was limited, the first two iterations: SSLv2 and SSLv3 are now quite thoroughly broken. The next two iterations, TLS 1.0 and TLS 1.1 depend on the security of Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1).

  • Cute Qt applications in Fedora Workstation

    Fedora Workstation is all about Gnome and it has been since the beginning, but that doesn’t mean we don’t care about Qt applications, the opposite is true. Many users use Qt applications, even on Gnome, mainly because many KDE/Qt applications don’t have adequate replacement written in Gtk or they are just used to them and don’t really have reason to switch to another one.

    For Qt integration, there is some sort of Gnome support in Qt itself, which includes a platform theme reading Gnome configuration, like fonts and icons. This platform theme also provides native file dialogs, but don’t expect native look of Qt applications. There used to be a gtk2 style, which used gtk calls directly to render natively looking Qt widgets, but it was moved from qtbase to qt5-styleplugins, because it cannot be used today in combination with gtk3.

    For reasons mentioned above, we have been working on a Qt style to make Qt applications look natively in Gnome. This style is named adwaita-qt and from the name you can guess that it makes Qt applications look like Gtk applications with Adwaita style. Adwaita-qt is actually not a new project, it’s been there for years and it was developed by Martin Bříza. Unfortunately, Martin left Red Hat long time ago and since then a new version of Gnome’s Adwaita was released, completely changing colors and made the Adwaita theme look more modern. Being the one who takes care of these things nowadays, I started slowly updating adwaita-qt to make it look like the current Gnome Adwaita theme and voilà, a new version was released after 3 months of intermittent work.

  • Fedora Community Blog: Friday with Infra

    Friday with Infra is a new event done by CPE (Community Platform Engineering) Team, that will help potential contributors to start working on some of the applications we maintain. During this event members of the CPE team will help you to start working on those applications and help you with any issue you may encounter. At the end of this event you should be able to maintain the application by yourself.

GNU/Linux/New Releases: Sparky 2019.08 Special Editions, Tails 4 Beta, OSMC Update

Filed under
GNU
Linux
  • Sparky 2019.08 Special Editions

    There are new live/install iso images of SparkyLinux 2019.08 “Po Tolo” special editions: GameOver, Multimedia & Rescue available to download. Sparky ‘Po Tolo’ follows rolling release model and is based on Debian testing “Bullseye”.

    GameOver Edition features a very large number of preinstalled games, useful tools and scripts. It’s targeted to gamers.

    Multimedia Edition features a large set of tools for creating and editing graphics, audio, video and HTML pages.

  • Call for testing: [Tails] 4.0~beta1

    You can help Tails by testing the first beta for the upcoming version 4.0!

    We are very excited about it and cannot wait to hear your feedback Smile

  • OSMC's July update is here

    OSMC's July update is now here and we continue to improve the OSMC experience for all of our users over the Summer. We have also been working on adding support for 3D Frame Packed (MVC) output for Vero 4K / 4K + and will make test builds available during the week on the forums. We are still preparing Raspberry Pi 4 images and will make these available soon.

Kernel: Linux 5.3, KernelShark 1.0, "Seems Perfectly Feasible and Then Dies"

Filed under
Linux
  • Bounded loops in BPF for the 5.3 kernel

    BPF programs have gained significantly in capabilities over the last few years and can now perform many useful operations. That said, BPF developers have had to work around an annoying limitation until recently: they could not use loops. This restriction was recently lifted by a patch set from Alexei Starovoitov that was merged for Linux 5.3. In addition to adding support for loops, it also greatly decreases the load time of most BPF programs.

  • KernelShark releases version 1.0

    It has been the better part of a decade since the last KernelShark article appeared here; in the interim, the kernel-tracing visualization tool has undergone some major changes. While the high-level appearance is largely similar, the underlying code has switched from GTK+ 2.0 to Qt 5. On July 26, maintainer Steven Rostedt announced the release of KernelShark version 1.0, which makes it a good time to take another peek.

    KernelShark is a graphical interface to help track down information in the voluminous kernel traces that trace-cmd can produce. trace-cmd is a front end for the ftrace kernel tracer. Rostedt wrote about trace-cmd and ftrace (part 1 and part 2) for LWN nearly a decade ago as well. Ftrace can collect an enormous amount of information from within a running kernel; trace-cmd simply makes it much easier for users to configure and manage those traces. KernelShark adds yet another level of capabilities.

  • Another Episode of "Seems Perfectly Feasible and Then Dies"--Script to Simplify the Process of Changing System Call Tables

    David Howells put in quite a bit of work on a script, ./scripts/syscall-manage.pl, to simplify the entire process of changing the system call tables. With this script, it was a simple matter to add, remove, rename or renumber any system call you liked. The script also would resolve git conflicts, in the event that two repositories renumbered the system calls in conflicting ways.

    Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.

    Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.

  • Completing the pidfd API

    Unix-like systems traditionally represent many objects as files, but processes have always been an exception. They are, instead, represented by process IDs (PIDs), which are small integers — limited to 32767 by default, though that limit can be raised on Linux systems. There are a few problems with this representation, but the biggest one is arguably that PIDs are reused; when a process exits, its PID can be assigned to a new, unrelated process, and this can happen quickly. That creates a race condition where code that operates on a process, most often by sending it a signal, might end up performing an action on the wrong process.

    A pidfd is, instead, a file descriptor that refers to an existing process. Once the pidfd exists, it will only refer to that one process, so it can be used to send signals without worry that the wrong process might end up being the recipient. This feature is valuable enough that some process-management systems, most notably the one used by Android, are being rewritten to take advantage of it.

    There are two ways to create a pidfd. The preferred method in most cases will be to supply the CLONE_F_PIDFD flag to the clone() system call (or perhaps clone3() in the future); upon successful process creation, a pidfd representing the child will be returned to the parent. It is also possible to create a pidfd for an existing process with pidfd_open(), which was merged for the 5.3 kernel.

Darling: macOS compatibility for Linux

Filed under
GNU
Linux
Mac

There is an increasingly active development effort, known as Darling, that is aiming to provide a translation layer for macOS software on Linux; it is inspired in part by Wine. While Darling isn't nearly as mature as Wine, contributors are continuing to build out capabilities that could make the project more useful to a wider group of users in the future.

[...]

Darling is licensed under GPLv3 and, according to the project home page, it does not violate Apple's End User License Agreement (EULA) since it only uses the parts of Darwin that have been released as free software. Darwin, however, is licensed under the Apple Public Source License (APSL), which is a free-software license, but is not compatible with the GPL according to the FSF.

Read more

libfprint 1.0, Libinput 1.14 and OpenCL 2.2-11

Filed under
Graphics/Benchmarks
Linux
GNOME
  • Bastien Nocera: libfprint 1.0 (and fprintd 0.9.0)

    After more than a year of work libfprint 1.0 has just been released!

    It contains a lot of bug fixes for a number of different drivers, which would make it better for any stable or unstable release of your OS.

    There was a small ABI break between versions 0.8.1 and 0.8.2, which means that any dependency (really just fprintd) will need to be recompiled. And it's good seeing as we also have a new fprintd release which also fixes a number of bugs.

  • libinput 1.14.0
    libinput 1.14.0 is now available.
    
    A flurry of patches over the last RC but most of these were CI related. Two
    new significant bugfixes: the calibration matrix is now returned correctly
    even when it is the identity matrix. And the tablet pressure range is scaled
    correctly into the available physical range. Previously, the bottom 5% where
    effectively missing and pressure offset on worn-out pens handling took some
    of the scale away from the top.
    
    Below is the text from the 1.14.rc1 announcement which lists the other big
    features added since the 1.13 release.
    
    We have new and improved thumb detection for touchpads, thanks to Matt
    Mayfield. On Clickpad devices this should make interactions where a thumb is
    resting on the touchpad or dropped during an interaction more reliable. A
    summary of the changes can be found here:
    https://who-t.blogspot.com/2019/07/libinputs-new-thumb-detection-code.html
    
    The Dell Canvas Totem is now supported by libinput. It is exposed as a new
    tool type through the tablet interface along with two new axes. Note that
    this is only low-level support, the actual integration of the totem needs
    Wayland protocol changes and significant changes in all applications that
    want to make use of it. A summary of the changes can be found here.
    https://who-t.blogspot.com/2019/06/libinput-and-dell-canvas-totem.html
    
    Touch-capable tablets now tie both devices together for rotation. If you set
    the tablet to left-handed, the touchpad will be rotated along with the
    tablet. Note that this does not affect the left-handed-ness of the touchpad,
    merely the rotation. 
    
    Tablet proximity out handling for tablets that are unreliably sending
    proximity out events is now always timeout-based. It is no longer necessary
    to add per-device quirks to enable this feature and it is completely
    transparent on devices that work correctly anyway. The blog post below has a
    summary:
    https://who-t.blogspot.com/2019/06/libinput-and-tablet-proximity-handling.html
    
    Tablets that send duplicate tools (BTN_TOOL_PEN and BTN_TOOL_ERASER) now
    ignore the latter. This is an intermediate fix only but at least makes those
    tablets more usable than they are now. Issue #259 is the tracker for this
    particular behaviour if you are affected by it.
    
    The handling of kernel fuzz has been slightly improved. Where our udev rule
    fails to reset the fuzz on the kernel device, we disable the hysteresis and
    rely on the kernel now to handle it. Previously our hysteresis would take
    effect on top of the kernel's, causing nonresponsive behaviour.
    
    Note to distribitors: the python-evdev dependency has been dropped, the
    tools that used it are now using python-libevdev instead.
    
    As usual, the git shortlog is below.
    
    Benjamin Tissoires (3):
          gitlab-ci: allow to run on unprivileged containers
          gitlab-ci: force using docker format for the generated images
          tests: increase the timeout for the subprocess to receive the quit signal
    
    Brian Ashworth (1):
          evdev: always store user calibration matrix
    
    Peter Hutterer (14):
          tools: record: fix segfault on exit
          tools: record: fix two memory leaks
          meson.build: drop explicit install:true from configure_file
          gitlab CI: replace the user:password with a netrc file
          gitlab CI: fetch the WAYLAND_WEB_TOKEN from a file
          tablet: point the pressure offset log messages to the right URL
          tablet: add a comment explaining why we adjust the pressure offset downwards
          Add the ck_double_eq_tol() macros to the backwards compat headers
          test: fix the pressure offset tests
          tablet: make the pressure-offset inclusive of the axis minimum
          tablet: reduce the pressure range by the offset
          test: don't test at the 100 y range
          tablet: scale the available pressure range into the pressure thresholds
          libinput 1.14.0
    
    git tag: 1.14.0
  • Libinput 1.14 Released With Dell Canvas Totem Support, Touchpad Improvements

    Version 1.14 of the libinput library for unified input handling on Linux X.Org and Wayland systems is now available.

    Libinput 1.14 is notable for introducing support for the Dell Canvas Totem input device as a unique input device and we could be seeing more of these types of devices in the future.

  • Khronos Releases OpenCL 2.2-11 While Still Waiting For OpenCL-Next

    The Khronos Group has released the OpenCL 2.2-11 specification to address various issues with the existing OpenCL specification while the next major release as "OpenCL-Next" is likely still a number of months away.

    OpenCL 2.2-11 was released overnight with various bug fixes, clarifications, better formatting of the documentation, and integration with the OpenCL reference pages. That updated specification is available from the Khronos.org Registry.

Ubuntu 18.04.3 LTS Is Out with Linux Kernel 5.0 from Ubuntu 19.04, Download Now

Filed under
Linux
Ubuntu

Coming six months after the Ubuntu 18.04.2 LTS release, which shipped with the hardware enablement (HWE) kernel from the not deprecated Ubuntu 18.10 (Cosmic Cuttlefish) operating system, Ubuntu 18.04.3 LTS here as the third point release in the Ubuntu 18.04 LTS (Bionic Beaver) series with up-to-date components.

Ubuntu 18.04.3 LTS includes all the latest software and security fixes that have been published on the official repositories of the Ubuntu 18.04 LTS release since February 14th, 2019, when Ubuntu 18.04.2 LTS hit the streets. It also ships with updated kernel and graphics stacks from Ubuntu 19.04 (Disco Dingo), such as Linux kernel 5.0.

Read more

Newcomer EndeavourOS Offers a Friendlier Arch Linux Experience

Filed under
Linux
Reviews

EndeavourOS has a lot of potential. It is an impressive addition to the shortlist of distros that want to make using Arch a more rewarding experience.

For a Linux distro built around one of the more challenging Linux families, EndeavourOS is a stable, solid performer with few, if any, noticeable quirks. That shouts volumes, given the relative youth of the first stable release following beta development.

EndeavourOS is not an easy choice for Linux users with no hands-on experience with the Arch Linux ecosystem. Despite its newness, though, it is a better Arch Linux choice than other Arch variants.

It is a great choice for those willing to roll up their sleeves and learn Arch Linux's inner workings. Hopefully, EndeavourOS succeeds in making the Arch-based neighborhood a more inviting place for new users and seasoned Arch users as well.

Read more

Syndicate content

More in Tux Machines

Programming: CI/CD and 'DevRel'

  • CloudBees and Google Cloud Partner to Accelerate Application Development on Anthos

    Respective leaders in DevOps and cloud computing are partnering to provide end-to-end application development automation from source to production...

  • Codefresh’s More Robust, Open Source Marketplace Makes Coding Easier, Faster, More Secure

    First deployed in December 2018, the Codefresh Marketplace makes it easier for code developers to find commands without having to learn a proprietary API – every step, browsable in the pipeline builder, is a simple Docker image. The Marketplace contains a more robust set of pipeline steps provided both by Codefresh and partners, such as Blue-Green and Canary deployment steps for Kubernetes, Aqua security scanning, and Helm package and deployment. All plugins are open source and users can contribute to the collection by creating a new plugin.

  • Codefresh freshens produce at the Kubernetes code marketplace

    Codefresh is the first Kubernetes-native CI/CD technology, with CI denoting Continuous Integration and CD denoting Continuous Delivery, obviously. The organisation has this month worked to improve its open source marketplace with features that focus on faster code deployment. First deployed in December 2018, the Codefresh Marketplace [kind of like an app store] allows developers to find commands without having to learn a proprietary API — this is because every step, which is browsable in the pipeline builder, is a simple Docker image.

  • DevOps World | Jenkins World: CircleCI orbs, DevOps Institute’s Ambassador Program, and Codefresh Marketplace

    DevOps and Jenkins is on full display this week at CloudBees’ DevOps World | Jenkins World taking place in San Francisco. In addition to the DevOps thought leaders and community members coming together to learn, explore and help shape the next generation of Jenkins and DevOps, a number of organizations took the opportunity to reveal new products. [...] SmartBear revealed TestEngine, a new solution designed to automate test execution in CI/CD environments. In addition, the company announced ReadyAPI 2.8 to accelerate functional, security and load testing of RESTful, SOAP, GraphQL and other web services. The new tools are aimed at accelerating API delivery. Users can now execute ReadyAPI, SoapUI Pro and SoapUI Open Source tests simultaneously on a central source that’s integrated into their development processes. This tackles the challenges that Agile and DevOps teams have such as complex deployments, large regression suites, and global development teams, according to SmartBear in a post.

  • What Is Developer Relations?

    Matthew Broberg, Advocate and Editor at opensource.com says that in practice the implementation of DevRel has been far from consistent. "DevRel, in theory, is the intersection of three disciplines: engineering, marketing, and community management," he says. "In practice, DevRel applies to a wildly popular set of job titles with wildly different expectations across different organizations." [...] Rebecca Fitzhugh, Principal Technologist at Rubrik agrees. "While there is certainly a marketing component when representing the company to the customer and community, it's equally about representing the customer to the company," she says. "Our DevRel team brings feedback from our customers to the product and engineering team in order to drive a better developer experience against our product's APIs."

Network transparency with Wayland: Final report.

The goal of this 2019 Google Summer of Code project is to develop a tool with which to transparently proxy applications that use the Wayland protocol to be displayed by compositors. Unlike the original X protocol, only part of the data needed to display an application is transferred over the application's connection to the compositor; instead, large information transfers are made by sharing file descriptors over the (Unix socket) connection, and updating the resources associated with the file descriptors. Converting this side channel information to something that can be sent over a single data stream is the core of this work. The proxy program I have developed for the project is called Waypipe. It can currently be found at gitlab.freedesktop.org/mstoeckl/waypipe. (I am currently looking for a better stable path at which to place the project; the preceding URL will be updated once this is done.) A few distributions have already packaged the program; see here; alternatively, to build and run the project, follow the instructions in the README and the man page. My work is clearly identified by the commit logs, and amounts to roughly ten thousand lines of C code, and a few hundred of Python. Read more Also: Vulkan 1.1.120 Released As The Newest Maintenance Release

The ClockworkPi GameShell is a super fun DIY spin on portable gaming

Portable consoles are hardly new, and thanks to the Switch, they’re basically the most popular gaming devices in the world. But ClockworkPi’s GameShell is something totally unique, and entirely refreshing when it comes to gaming on the go. This clever DIY console kit provides everything you need to assemble your own pocket gaming machine at home, running Linux-based open-source software and using an open-source hardware design that welcomes future customization. The GameShell is the result of a successful Kickstarter campaign, which began shipping to its backers last year and is now available to buy either direct from the company or from Amazon. The $159.99 ( on sale for $139.99 as of this writing) includes everything you need to build the console, like the ClockworkPi quad-core Cortex A7 motherboard with integrated Wi-Fi, Bluetooth and 1GB of DDR3 RAM — but it comes unassembled. Read more

KNOPPIX 8.6.0 Public Release

Version 8.6 basiert auf → Debian/stable (buster), mit einzelnen Paketen aus Debian/testing und unstable (sid) (v.a. Grafiktreiber und aktuelle Productivity-Software) und verwendet → Linux Kernel 5.2.5 sowie Xorg 7.7 (core 1.20.4) zur Unterstützung aktueller Computer-Hardware. Read more English: Knoppix 8.6 new public version is finally out !