Skip to main content

Linux News

Slimbook Launches New "Apollo" Linux PC, First Beta for Service Pack 5 of SUSE Linux Enterprise 12 Is Out, NVIDIA Binary Drivers for Ubuntu Growing Stale, DragonFly BSD v 5.6 Released and Qt v. 5.12.4 Now Available

Linux Journal - 11 hours 4 min ago

News briefs for June 18, 2019.

Slimbook, the Spanish Linux computer company, just unveiled a brand-new all-in-one Linux PC called the "Apollo". It has a 23.6 inch IPS LED display with a 1920x1080 resolution, and a choice between an Intel i5-8500 and i7-8700 processors. It comes with up to 32GB of RAM and integrated Intel UHD 630 4K graphics. Pricing starts at $799.

The first beta for service pack 5 of SUSE Linux Enterprise 12 is out and available. It contains updated drivers, a new version of the OpenJDK, support for Intel Optane memory and more.

NVIDIA binary drivers for Ubuntu have grown a bit stale, which is pushing developers to update the drivers for Ubuntu 19.10.

DragonFly BSD version 5.6 is officially released with improvements in the management of virtual memory, updates and bug fixes to both the DRM code and especially to the HAMMER2 filesystem and much more.

Qt version 5.12.4 is available with support for OpenSSL version 1.1.1 and about 250 bug fixes.

News Slimbook Hardware SUSE NVIDIA Ubuntu DragonFly BSD qt
Categories: Linux News

Android Low-Memory Killer--In or Out?

Linux Journal - 14 hours 21 min ago
by Zack Brown

One of the jobs of the Linux kernel—and all operating system kernels—is to manage the resources available to the system. When those resources get used up, what should it do? If the resource is RAM, there's not much choice. It's not feasible to take over the behavior of any piece of user software, understand what that software does, and make it more memory-efficient. Instead, the kernel has very little choice but to try to identify the software that is most responsible for using up the system's RAM and kill that process.

The official kernel does this with its OOM (out-of-memory) killer. But, Linux descendants like Android want a little more—they want to perform a similar form of garbage collection, but while the system is still fully responsive. They want a low-memory killer that doesn't wait until the last possible moment to terminate an app. The unspoken assumption is that phone apps are not so likely to run crucial systems like heart-lung machines or nuclear fusion reactors, so one running process (more or less) doesn't really matter on an Android machine.

A low-memory killer did exist in the Linux source tree until recently. It was removed, partly because of the overlap with the existing OOM code, and partly because the same functionality could be provided by a userspace process. And, one element of Linux kernel development is that if something can be done just as well in userspace, it should be done there.

Sultan Alsawaf recently threw open his window, thrust his head out, and shouted, "I'm mad as hell, and I'm not gonna take this anymore!" And, he re-implemented a low-memory killer for the Android kernel. He felt the userspace version was terrible and needed to be ditched. Among other things, he said, it killed too many processes and was too slow. He felt that the technical justification of migrating to the userspace dæmon had not been made clear, and an in-kernel solution was really the way to go.

In Sultan's implementation, the algorithm was simple—if a memory request failed, then the process was killed—no fuss, no muss and no rough stuff.

There was a unified wall of opposition to this patch. So much so that it became clear that Sultan's main purpose was not to submit the patch successfully, but to light a fire under the asses of the people maintaining the userspace version, in hopes that they might implement some of the improvements he wanted.

Michal Hocko articulated his opposition to Sultan's patch very clearly—the Linux kernel would not have two separate OOM killers sitting side by side. The proper OOM killer would be implemented as well as could be, and any low-memory killers and other memory finaglers would have to exist in userspace for particular projects like Android.

Go to Full Article
Categories: Linux News

Linux on things that don't normally have Linux

Linux Journal - 21 hours 3 min ago

Please support Linux Journal by subscribing or becoming a patron.

Categories: Linux News

FreeBSD 11.3-RC1 Available, Lenovo ThinkPad P To Come With Ubuntu Pre-Installed, Star Labs Now Offers Zorin OS On Laptops, Remote Monitoring Software Pulseway v6.3.3 Released, PCLinuxOS KDE Full Edition 2019.06, Linux Kernel Update

Linux Journal - Mon, 06/17/2019 - 09:11

FreeBSD 11.3-RC1 is now officially available with installation images for amd64, i386, aarch64, armv6 and more. This release contains mostly bug fixes.

If you are looking for a new laptop with Linux support out-of-box, the Lenovo ThinkPad P series will have Ubuntu 18.04 pre-installed. They will go on sale later this month in the US.

Speaking of laptops, the folks over at Zorin OS are teaming up with UK-based Star Labs to produce a beautiful computing experience. Starting on June 21st, Star Labs will be offering Zorin OS 15 as an option for pre-installed images on a variety of the their laptops.

Real-time remote monitoring and management software, Pulseway version 6.3.3 was released. Key updates include a large number of additional third party titles, the ability to export reports in CSV format, and remote desktop file transfer.

PCLinuxOS KDE Full Edition 2019.06 is now out boasting a Linux 5.1.10 kernel, KDE Applications 19.04.2, KDE Frameworks 5.59.0, KDE Plasma 5.16.0 and more.

With the released of the latest release candidate in the Linux kernel 5.2-rc5, Linus sees a light at the end of the tunnel: "But the good news is that we're getting to the later parts of the rc series, and things do seem to be calming down. I was hoping rc5 would end up smaller than rc4, and so it turned out."  You can view a complete list of changes here.

News
Categories: Linux News

Filesystem Hierarchy Standard

Linux Journal - Mon, 06/17/2019 - 06:00
by Kyle Rankin

What are these weird directories, and why are they there?

If you are new to the Linux command line, you may find yourself wondering why there are so many unusual directories, what they are there for, and why things are organized the way they are. In fact, if you aren't accustomed to how Linux organizes files, the directories can seem downright arbitrary with odd truncated names and, in many cases, redundant names. It turns out there's a method to this madness based on decades of UNIX convention, and in this article, I provide an introduction to the Linux directory structure.

Although each Linux distribution has its own quirks, the majority conform (for the most part) with the Filesystem Hierarchy Standard (FHS). The FHS project began in 1993, and the goal was to come to a consensus on how directories should be organized and which files should be stored where, so that distributions could have a single reference point from which to work. A lot of decisions about directory structure were based on traditional UNIX directory structures with a focus on servers and with an assumption that disk space was at a premium, so machines likely would have multiple hard drives.

/bin and /sbin

The /bin and /sbin directories are intended for storing binary executable files. Both directories store executables that are considered essential for booting the system (such as the mount command). The main difference between these directories is that the /sbin directory is intended for system binaries, or binaries that administrators will use to manage the system.

/boot

This directory stores all the bootloader files (these days, this is typically GRUB), kernel files and initrd files. It's often treated as a separate, small partition, so that the bootloader can read it more easily. With /boot on a separate partition, your root filesystem can use more sophisticated features that require kernel support whether that's an exotic filesystem, disk encryption or logical volume management.

/etc

The /etc directory is intended for storing system configuration files. If you need to configure a service on a Linux system, or change networking or other core settings, this is the first place to look. This is also a small and easy-to-back-up directory that contains most of the customizations you might make to your computer at the system level.

/home

The /home directory is the location on Linux systems where users are given directories for storing their own files. Each directory under /home is named after a particular user's user name and is owned by that user. On a server, these directories might store users' email, their SSH keys, or sometimes even local services users are running on high ports.

Go to Full Article
Categories: Linux News

Webinar: Operationalizing DevSecOps

Linux Journal - Sun, 06/16/2019 - 08:42
by Carlie Fairchild

In this webinar, Twistlock's James Jones and Linux Journal's Katherine Druckman discuss hardening your DevOps environments and processes. Topics covered:

  • The keys to DevSecOps success
  • Tangible benefits of DevSecOps
  • Steps and tools involved with building, shipping, and running containers
  • DevSecOps creates a feedback loop
  • Seven steps to containers
  • And more

Register to watch this webinar on-demand: 

https://zoom.us/webinar/register/WN_h6Z3aGxtQzSdHIa2kFv_VA

Go to Full Article
Categories: Linux News

Canonical Announces Embedded Computer Manifold 2 for Drone Developers, Request For Help Testing Snap Package, PHP v7.4.0 Available, PyCharm 2019.2 EAP3 Released, Talks To Port Over Microsoft's Chromium-Based Edge browser To Linux

Linux Journal - Fri, 06/14/2019 - 07:51

Yesterday, Canonical, the company behind Ubuntu announced the availability of Manifold 2, a high-performance embedded computer offered by leading enterprise drone manufacturer, DJI. This availability will allow developers access to containerized software packages (e.g. Snaps), allowing for infinite evolution and functionality changes.

It looks as if Ubuntu is transitioning the Chromium Debian package to a Snap one. The community behind this effort is asking for assistance in testing the Snap package.

The first alpha release of PHP version 7.4.0 is now available. And while it contains a large list of bug fixes and feature enhancements, remember, it is an unstable build and should not be used in production.

PyCharm 2019.2 EAP3 is officially released with support for Python Positional-Only Parameters (PEP-570), Restart Kernel Action and more.

There are talks but at the same time, there are not talks to port over Microsoft's Chromium-based Edge browser to Linux. Its developers say that it may happen in the near future but they are too busy to do it today.

News
Categories: Linux News

Wickr: Redefining the Messaging Platform, an Interview with Co-Founder, Chris Howell

Linux Journal - Fri, 06/14/2019 - 06:30
by Petros Koutoupis

In the modern era, messaging applications are a constant target for attackers, exposing vulnerabilities, disclosing sensitive information of nation states and insider-employee inappropriate behaviors or practices. There is a constant need to prioritize one's cybersecurity and upgrade one's infrastructure to the latest and greatest of defensive technologies. However, the messaging tools that these same organizations tend to rely on often are the last to be secured, if at all. This is where Wickr comes in. Wickr is an instant-messaging application and platform offering end-to-end encryption and content-expiring messages. Its parent company of the same name takes security seriously and has built a product to showcase that. I was able chat with co-founder and CTO, Chris Howell, who was gracious enough to provide me with more information on what Wickr can achieve, how it works and who would benefit from it.

Petros Koutoupis: Please introduce yourself and tell us about your role at Wickr.

Chris Howell: I'm co-founder/CTO and responsible for technical strategy, security and product design. You can read my full bio here.

Petros: What do you see as a weak point in today's messaging apps?

Chris: By far, at least when it comes to security, the weak point of virtually all messaging apps to date (and all other apps and services, really) is that they're built with the assumption that users will have to trust the service. The problem with that way of thinking is can we really trust the service? That's not to say there are bad people running them, necessarily, but how many breaches (for example, Equifax 2017) or abuses (for example, Snapchat 2019) do we need to see to answer that question? Once the service is built that way, messaging users generally suffer in two ways. First, at some key point on their way to the recipient, messages are readable by some number of folks beyond the recipient. Now, the service typically will point to various security certifications and processes to make us feel okay about that, but in most cases where there are humans involved, what can happen will happen, and whatever controls are put in place to limit access to user data amount to little more than a pinky promise—which when broken, of course, leaves the user with a loss of privacy and security. Second, having been so trusted, the service typically prioritizes "virility" and its own growth over the users' need to control their own data, leading to behavior like scanning message content for marketing purposes, retaining messages longer than necessary, and abusing contacts to aid the growth of the service.

Petros: How does Wickr help address that?

Go to Full Article
Categories: Linux News

Atari Opens Pre-Orders to VCS Retro Gaming Console, Gimp v2.10.12 Released, Distro-Specific Store Pages For Snap Apps Launches, Preview For Built-In Linux Kernel for Windows 10 Available in WSL 2, fs-verity Module MAY Merge Into Mainline Kernel

Linux Journal - Thu, 06/13/2019 - 09:44

Atari has officially opened up pre-orders to the VCS retro gaming console for $250. New orders are expected to be fulfilled by March 2020.

Gimp version 2.10.12 has officially been released and it mostly contains bug fixes, most of which were introduced in the large release of version 2.10.10. There are also some noteworthy improvements which include an improved Curves tool, layers support for TIFF exporting and more.

While the Snap format is intended to run on many other Linux distributions, the Snapcraft team is creating a more inviting and improved experience [for non-Ubuntu users] by launching distro-specific store pages for Snap apps.

The preview for the built-in Linux kernel for Windows 10 is officially available in the new Windows Subsystem for Linux 2 (WSL 2). WSL 2 was announced back in May during the Microsoft's Build developer conference and is based on version 4.19 of the Linux kernel.

A new version of the fs-verity module MAY eventually find its way merged into the mainline kernel. The purpose of this module is to make individual files read-only and enable the kernel to detect modifications made on or offline. The new patch set was posted on May 23 and the story behind it can be found here.

News
Categories: Linux News

FOSS Project Spotlight: OpenNebula

Linux Journal - Thu, 06/13/2019 - 07:00
by Michael Abdou

OpenNebula recently released its latest version, 5.8 "Edge", which now offers pivotal capabilities to allow users to extend their cloud infrastructure to the Edge easily and effectively.

Why OpenNebula?

For anyone looking for an open-source, enterprise solution to orchestrate data-center virtualization and cloud management with ease and flexibility, OpenNebula is a fine candidate that includes:

  • On-demand provisioning of virtual data centers.
  • Features like capacity management, resource optimization, high availability and business continuity.
  • The ability to create a multi-tenant cloud layer on various types of newly built or existing infrastructure management solutions (such as VMware vCenter).
  • The flexibility to create federated clouds across disparate geographies, as well as hybrid cloud solutions integrating with public cloud providers like AWS and Microsoft Azure.

And, it's lightweight, easy to install, infrastructure-agnostic and thoroughly extensible.

Figure 1. High-Level Features

Check here for a more detailed look at OpenNebula features.

New Features in 5.8 "Edge"

With the current conversation shifting away from centralized cloud infrastructure and refocusing toward bringing the computing power closer to the users in a concerted effort to reduce latency, OpenNebula's 5.8 "Edge" release is a direct response to the evolving computing and infrastructure needs, and it offers fresh capabilities to extend one's cloud functionality to the edge. Gaming companies, among others, who have been using OpenNebula were of the first to push for these features (yet they don't have the be the only ones to benefit from them).

LXD Container Support

In addition to supporting KVM hypervisors, as well as offering a cloud management platform for VMware vCenter server components, OpenNebula now provides native support for LXD containers as well. The virtues offered by LXD container support allow users and organizations to benefit from:

  • A smaller space footprint and smaller memory.
  • Lack of virtualized hardware.
  • Faster workloads.
  • Faster deployment times.

From a compatibility perspective, OpenNebula 5.8 and LXD provide the following:

Go to Full Article
Categories: Linux News

Endless OS 3.6.0 Released, Wind River Announces Enhancements to Wind River Linux, Arch Linux 2019.06.01 Is Out, NGD Systems Announces the Newport M.2 SSD and IBM Launches AutoAI for Watson Studio

Linux Journal - Wed, 06/12/2019 - 08:31

News briefs for June 12, 2019.

Endless OS 3.6.0 has been released. This release has "updated the base OS packages to the latest versions from Debian 'buster' (the forthcoming stable release), most desktop components to the versions from GNOME 3.32, and Linux kernel 5.0." It also includes many new features, performance improvements and bug fixes. Go here to download.

Wind River announces the latest enhancements to Wind River Linux: "This release delivers technology to ease adoption of containers in embedded systems. It provides resources such as pre-built containers, tools, and documentation as well as support for frameworks such as Docker and Kubernetes, all of which can help embedded system developers in their journey to leverage or deploy cloud-native development approaches, especially relevant for appliances at the network edge. Wind River Linux is freely available for download."

Arch Linux 2019.06.01 has been released, marking the first ISO snapshot to ship with a kernel from the 5.1 series. Go here for download/update instructions. Softpedia News reports that the updated kernel means "more preparations for the year 2038, more scalable and faster asynchronous I/O, support for configuring Zstd compression levels in the Btrfs file system, better file system monitorization, and a new cpuidle governor called TEO."

NGD Systems announces the Newport M.2 SSD. According to Blocks and Files, "the Newport M.2 offers 4TB or 8TB of storage in the M.2 22110 form factor — 22mm by 110mm. NGD claims this is twice the capacity of the next largest available M.2 NVMe SSDs, with an average power consumption of less than 1w per TB. The host interface is NVMe 1.3 PCIe Gen 3.0 x4." NGD claims that "The Newport M.2 provides high-performance, high-capacity, low-latency processing for edge computing applications that cannot afford a cluster of 1U or 2U servers to do their processing, whether due to size, power, or compute performance."

IBM adds new automation capabilities to Watson Studio with AutoAI. The press release states that AutoAI is "a new set of capabilities for Watson Studio designed to automate many of the often complicated and laborious tasks associated with designing, optimizing and governing AI in the enterprise. As a result, data scientists can be freed up to dedicate more time to designing, testing and deploying machine learning (ML) models — the work of AI."

News Endless OS Distributions Wind River Arch Linux Storage NVMe IBM AI
Categories: Linux News

Why Smart Cards Are Smart

Linux Journal - Wed, 06/12/2019 - 06:30
by Kyle Rankin

If you use GPG keys, learn about the benefits to storing them on a smart card.

GPG has been around for a long time and is used to secure everything from your email to your software. If you want to send an email to someone and be sure that no one else can read or modify it, GPG signing and encryption are the main method you'd use. Distributions use GPG to sign their packages, so you can feel confident that the ones you download and install from a package mirror have not been modified from their original state. Developers in many organizations follow the best practice of GPG-signing any code they commit to a repository. By signing their commits, other people can confirm that the changes that claim to come from a particular developer truly did. Web-based Git front ends like GitHub and GitLab let users upload their GPG public keys, so when they do commit signed code, the interface can display to everyone else that it has been verified.

Yet, all of the security ultimately comes down to the security of your private key. Once others have access to your private key, they can perform all of the same GPG tasks as though they were you. This is why you are prompted to enter a passphrase when you first set up a GPG key. The idea is that if attackers are able to copy your key, they still would need to guess your password before they could use the key. For all of the importance of GPG key security, many people still just leave their keys in ~/.gnupg directories on their filesystem and copy that directory over to any systems where they need to use GPG.

There is a better way. With OpenPGP smart cards, you can store your keys on a secure device that's protected with a PIN and not only store your keys more securely, but also use them more conveniently. Although some laptops come with integrated smart card readers, most don't. Thankfully, these devices are available as part of multi-function USB security token devices from a number of different vendors, and Linux Journal has published reviews of such products in the past. In this article, I discuss all the reasons OpenPGP smart cards are a better choice for storing your keys than your local filesystem.

Reason 1: Tamper-proof Key Storage

One of the main benefits of a smart card is that it stores your GPG keys securely. When you store your keys on a filesystem, anyone who can access that filesystem can copy off the keys. On a smart card, once keys go in, they never leave, neither accidentally nor from tampering. The smart card chips themselves are designed to be tamper-proof and resist attempts to extract key data even when someone has physical access. By putting keys on a smart card, you can have a reasonable assurance that your keys are safe, even from a determined attacker.

Go to Full Article
Categories: Linux News

MariaDB Enterprise Server 10.4 Now Available, Pulumi Announces Pulumi Crosswalk for AWS, KDE Launches Plasma 5.16, IBM Announces Its List of Women Pioneers for AI in Business and Microway Provides Clemson University with an NVIDIA DGX-2 Supercomputer

Linux Journal - Tue, 06/11/2019 - 08:18

News briefs for June 10, 2019.

MariaDB today announces the release of MariaDB Enterprise Server 10.4, "code-named 'Restful Nights' for the peace of mind it brings enterprise customers". The press release notes that this version "is a new, hardened and secured Server (different from MariaDB Community Server aka MariaDB Server) and has never been available before. MariaDB Enterprise Server 10.4 includes features not available in the community version that are focused on solving enterprise customer needs, providing them with greater reliability, stability and long-term support in production environments."

Pulumi today announces the availability of Pulumi Crosswalk for Amazon Web Services, "an open source framework that streamlines defining and deploying modern AWS applications and infrastructure with built-in AWS Best Practices. Using Pulumi Crosswalk, cloud engineers -- including developers, operators and teams -- are able to use familiar programming languages and tools to take ideas to production more productively and safely while bypassing many of the traditional barriers to modern cloud engineering." Go here to learn more about Pulumi Crosswalk and try it for free.

KDE today launches the latest version of its desktop environment, Plasma 5.16. This release features many changes, such as a completely rewritten notification system including a Do Not Disturb Mode, themes have been greatly improved, widgets have been modernized, and now when any app accesses your microphone, and icon appears in the system tray to warn you. In addition, "Plasma 5.16 is also spectacular to look at, with our new wallpaper called Ice Cold. Designed by Santiago Cézar, it is the winner of a contest with more than 150 entries." See the Release Announcement and Complete Changelog for all the details.

IBM today announces the first recipients and list of global women leaders and pioneers in AI for business. From the press release: "The list recognizes and celebrates women across a variety of industries and geographies for pioneering the use of AI to advance their companies in areas such as innovation, growth, and transformation." Go here to learn more about the pioneering women in AI.

Microway announces it has provided an NVIDIA DGX-2 supercomputer to Clemson University. From the press release: "The system deploys with NVIDIA's Deep Learning software—and was ready to train models immediately after installation. DGX-2's NGC software stack was installed by Microway experts and supports all major AI frameworks as well as offers containers for a variety of HPC applications." At Clemson, the DGX-2 will "empower researchers in disciplines such as computational math, statistics, operations research, and mechanical and industrial engineering to analyze vast datasets with exceptional ease. Initial projects include research on medical imaging, drone control, autonomous driving, and ocean dynamics. The resource will be available to all faculty, staff, and students." For more information, see this post on Newsstand.

News MariaDB Pulumi AWS KDE Plasma IBM Microway
Categories: Linux News

Securing the Kernel Stack

Linux Journal - Tue, 06/11/2019 - 07:00
by Zack Brown

The Linux kernel stack is a tempting target for attack. This is because the kernel needs to keep track of where it is. If a function gets called, which then calls another, which then calls another, the kernel needs to remember the order they were all called, so that each function can return to the function that called it. To do that, the kernel keeps a "stack" of values representing the history of its current context.

If an attacker manages to trick the kernel into thinking it should transfer execution to the wrong location, it's possible the attacker could run arbitrary code with root-level privileges. Once that happens, the attacker has won, and the computer is fully compromised. And, one way to trick the kernel this way is to modify the stack somehow, or make predictions about the stack, or take over programs that are located where the stack is pointing.

Protecting the kernel stack is crucial, and it's the subject of a lot of ongoing work. There are many approaches to making it difficult for attackers to do this or that little thing that would expose the kernel to being compromised.

Elena Reshetova is working on one such approach. She wants to randomize the kernel stack offset after every system call. Essentially, she wants to obscure the trail left by the stack, so attackers can't follow it or predict it. And, she recently posted some patches to accomplish this.

At the time of her post, no specific attacks were known to take advantage of the lack of randomness in the stack. So Elena was not trying to fix any particular security hole. Rather, she said, she wanted to eliminate any possible vector of attack that depended on knowing the order and locations of stack elements.

This is often how it goes—it's fine to cover up holes as they appear, but even better is to cover a whole region so that no further holes can be dug.

There was a lot of interest in Elena's patch, and various developers made suggestions about how much randomness she would need, and where she should find entropy for that randomness, and so on.

In general, Linus Torvalds prefers security patches to fix specific security problems. He's less enthusiastic about adding security to an area where there are no exploits. But in this case, he may feel that Elena's patch adds a level of security that wasn't there before.

Security is always such a nightmare. Often, a perfectly desirable feature may have to be abandoned, not because it's not useful, but because it creates an inherent insecurity. Microsoft's operating system and applications often have suffered from making the wrong decisions in those cases—choosing to implement a cool feature in spite of the fact that it could not be done securely. Linux, on the other hand, and the other open-source systems like FreeBSD, never make that mistake.

Go to Full Article
Categories: Linux News

IPFire 2.23 - Core Update 132 Released with Important Security Fixes, Kernel 5.2-rc4 Is Out, Akraino Edge Stack Release 1.0 Is Now Available, KDE Announces Its Google Summer of Code Students and Google Assistant Now Works with Waze

Linux Journal - Mon, 06/10/2019 - 09:02

News briefs for June 10, 2019.

IPFire 2.23 - Core Update 132 was released recently. This update includes security fixes and improvements to help secure systems vulnerable to some recent problems with Intel processors, specifically RIDL, Fallout and ZombieLoad. From the release announcement: "Two new types of vulnerabilities have been found in Intel processors. They cannot be fixed unless the hardware is changed, but can be somewhat mitigated through some changes in the Linux kernel (4.14.120) and an update microcode (version 20190514). Both is shipped in this release. Additionally, to mitigate this bug which cannot be fixed at all, SMT is disabled by default on all affected processors which has significant performance impacts." In addition, this release includes a new GUI that shows you which attacks your hardware may be vulnerable to and whether mitigations are in place. Go here to download.

Linux kernel 5.2-rc4 was released on Saturday. Linus Torvalds writes, "We've had a fairly calm release so far, and on the whole that seems to hold. rc4 isn't smaller than rc3 was (it's a bit bigger), but rc3 was fairly small, so the size increase isn't all that worrisome. I do hope that we'll start actually shrinking now, though. The SPDX conversions do continue to stand out, and make the diffstat a bit noisy. They don't affect actual code, so it's not like we should have any issues with them, but it makes the patch statistics look a bit odd." See the LKML post for more information.

Akraino Edge Stack Release 1.0 is now available. Light Reading reports that "Akraino's premiere release unlocks the power of intelligent edge with deployable, self-certified blueprints for a diverse set of edge use cases." In addition, "Akraino R1 delivers the first iteration towards new levels of flexibility to scale edge cloud services quickly, maximize efficiency, and deliver high availability for deployed services. It delivers a deployable and fully functional edge stack for edge use cases ranging from Industrial IoT, Telco 5G Core & vRAN, uCPE, SDWAN, edge media processing, and carrier edge media processing. As the premiere release, it opens doors to further enhancements and development to support edge infrastructure." For more information, go to https://www.lfedge.org.

KDE announces its Google Summer of Code students for 2019. There are too many to list here, so see the announcement for the list of students and projects they are working on.

Google Assistant now can offer navigation suggestions in Waze for Android users, so you can report on traffic without needing to touch your screen. According to Engadget, this feature is available only in the US for English at the moment.

News IPFire Security Intel kernel Akraino Edge Stack KDE Google Android Mobile
Categories: Linux News

Data in a Flash, Part III: NVMe over Fabrics Using TCP

Linux Journal - Mon, 06/10/2019 - 06:00
by Petros Koutoupis

A remote NVMe block device exported via an NVMe over Fabrics network using TCP.

Version 5.0 of the Linux kernel brought with it many wonderful features, one of which was the introduction of NVMe over Fabrics (NVMeoF) across native TCP. If you recall, in the previous part to this series ("Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network", I explained how to enable your NVMe network across RDMA (an Infiniband protocol) through a little method referred to as RDMA over Converged Ethernet (RoCE). As the name implies, it allows for the transfer of RDMA across a traditional Ethernet network. And although this works well, it introduces a bit of overhead (along with latencies). So when the 5.0 kernel introduced native TCP support for NVMe targets, it simplifies the method or procedure one needs to take to configure the same network, as shown in my last article, and it also makes accessing the remote NVMe drive faster.

Software Requirements

To continue with this tutorial, you'll need to have a 5.0 Linux kernel or later installed, with the following modules built and inserted into the operating systems of both your initiator (the server importing the remote NVMe volume) and the target (the server exporting its local NVMe volume):

# NVME Support CONFIG_NVME_CORE=y CONFIG_BLK_DEV_NVME=y # CONFIG_NVME_MULTIPATH is not set CONFIG_NVME_FABRICS=m CONFIG_NVME_RDMA=m # CONFIG_NVME_FC is not set CONFIG_NVME_TCP=m CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m # CONFIG_NVME_TARGET_FC is not set CONFIG_NVME_TARGET_TCP=m

More specifically, you need the module to import the remote NVMe volume:

CONFIG_NVME_TCP=m

And the module to export a local NVMe volume:

CONFIG_NVME_TARGET_TCP=m

Before continuing, make sure your physical (or virtual) machine is up to date. And once you verify that to be the case, make sure you are able to see all locally connected NVMe devices (which you'll export across your network):

$ cat /proc/partitions |grep -e nvme -e major major minor #blocks name 259 0 3907018584 nvme2n1 259 1 3907018584 nvme3n1 259 2 3907018584 nvme0n1 259 3 3907018584 nvme1n1

If you don't see any connected NVMe devices, make sure the kernel module is loaded:

petros@ubu-nvme1:~$ lsmod|grep nvme nvme 32768 0 nvme_core 61440 1 nvme

The following modules need to be loaded on the initiator:

$ sudo modprobe nvme $ sudo modprobe nvme-tcp

And, the following modules need to be loaded on the target:

Go to Full Article
Categories: Linux News

Episode 20: Advertising is Broken, but Linux Isn't.

Linux Journal - Fri, 06/07/2019 - 10:51
Your browser does not support the audio element. Reality 2.0 - Episode 20: Advertising is Broken, but Linux Isn't.

Katherine Druckman and Doc Searls talk to Don Marti, of Mozilla and formerly of Linux Journal, about ad technology, privacy, and the Linux community.

Links Mentioned:

Categories: Linux News

RHEL 7.7 Beta Is Now Available, Kdenlive 19.04.2 Is Out, Vampire: The Masquerade - Coteries of New York to Support Linux, IceWM 1.5.5 Released and the Document Foundation Announces New "What Can I Do for LibreOffice" Website

Linux Journal - Fri, 06/07/2019 - 09:08

News briefs for June 7, 2019.

Red Hat Enterprise Linux 7.7 beta is now available. This version is the final release in the Full Support Phase of RHEL 7 and includes many enhancements and bug fixes. Updates include support for the latest generation of enterprise hardware and remediation for the Microarchitectural Data Sampling (MDS)/ZombieLoad vulnerabilities. See the release notes for more details.

Kdenlive version 19.04.2 is out. Highlights of this release include 77 bug fixes as well as "fixes for compositing issues, misbehaving guides/markers and grouping inconsistencies". You can get the AppImage here.

Vampire: The Masquerade - Coteries of New York will support Linux. GamingOnLinux quotes developer Draw Distance who says the game will be a "unique, atmospheric, single-player narrative experience, set in a rich, fully licensed, globally recognized universe of Vampire: The Masquerade 5th Edition". It's scheduled to be released on Steam in Q4 2019.

IceWM 1.5.5 has been released. This version of the window manager contains many bug fixes and portability fixes. Other improvements include updated translations, new manual pages and updated documentation, new quickswitch, new hotkeys, new focus behavior and much more. See the GitHub page for more details.

The Document Foundation announces a new website, "What can I do for LibreOffice". From the announcement: "In 'What can I do for LibreOffice', visitors are asked what they're interested in, and pointed to resources to get started. So instead of large web pages with walls of text, visitors can click around and find something that catches their eyes. The website source is on Gerrit if anyone has suggestions for updates or additions, and the site can be translated too."

News Red Hat RHEL Kdenlive gaming IceWM LibreOffice
Categories: Linux News

Digital Will, Part I: Requirements

Linux Journal - Fri, 06/07/2019 - 07:30
by Kyle Rankin

Digital assets are becoming as important as physical assets, so how do you manage them after you die?

When you lose a member of your family, you may find yourself at some point thinking about your own mortality, which then may lead you to think through preparations for your own death. I lost my father recently, but years before his death, he set up a will that described how to manage his estate, but he also made sure to share with me login details for his important financial accounts so I would have access when the time came. When the time did come to put his plans into practice, those details were invaluable.

All of this made me realize just how complicated it would be for someone to manage my own accounts in the event of my death, especially considering how much effort I've gone through to secure my computers and accounts. After all, unlike my dad, I don't use the same password for everything. What I realized I needed was the equivalent of a digital will: instructions and credentials so my next of kin had everything they needed to access my accounts and manage my affairs. In this first article of what will be a two-part series, I describe the requirements and plans to create a digital will in a way that would be manageable for my next of kin while also not negatively affecting the security of my accounts. The second part of the article will describe how I implemented these plans.

Defining Terms

This digital will is based on many of the ideas behind a traditional will, and I intend on borrowing a lot of the framework and terms instead of "re-inventing the will". To get started, let me define a few terms, but I should make it clear that I'm not an attorney, so these are just loose definitions to describe how some common terms used in a will might be applied to this digital will:

Go to Full Article
Categories: Linux News

Zorin OS 15 Released, Canonical Issues Security Updates for All Supported Versions of Ubuntu Linux, New RCE Vulnerability Discovered Affecting Email Servers, Khadas VIM3 Launching Soon and Krita's Digital Atelier on Sale

Linux Journal - Thu, 06/06/2019 - 08:47

News briefs for June 6, 2019.

Zorin OS 15 has been released. From the announcement for this new major version: "Every aspect of the user experience has been re-considered and refined in this new release, from how apps are installed, to how you get work done, to how it interacts with the devices around you. The result is a desktop experience that combines the most powerful desktop technology with the most user-friendly design." Go here to download.

Canonical yesterday released important security updates for all supported versions of Ubuntu Linux. Update immediately if you haven't done so already. According to Softpedia News, "If you're using Ubuntu, you must update the kernel as soon as possible to patch these security issues. The new Linux kernel versions are linux-image 5.0.0-16.17 for Ubuntu 19.04, linux-image 4.18.0-21.22 for Ubuntu 18.10, linux-image 4.15.0-51.55 for Ubuntu 18.04 LTS, linux-image 4.4.0-150.176 for Ubuntu 16.04 LTS, linux-image 4.18.0-21.22~18.04.1 for Ubuntu 18.04.2 LTS, and linux-image 4.15.0-51.55~16.04.1 for Ubuntu 16.04.6 LTS."

A new RCE (remote command execution) vulnerability is affecting almost half of the internet's email servers. ZDNet reports that the Qualys security firm "found a very dangerous vulnerability in Exim installations running versions 4.87 to 4.91. The vulnerability is described as a remote command execution—different, but just as dangerous as a remote code execution flaw—that lets a local or remote attacker run commands on the Exim server as root."

The Khadas VIM3, an Amlogic S922X-powered Raspberry Pi-competitor, is launching on June 24. According to Notebook Check, the Khadas VIM3 will run Android 9.0 Pie, LibreELEC or Ubuntu. The company will initially launch two boards, the Basic and Pro, for $69.99 and $99.99, respectively. In addition, "Khadas has also integrated a neural processing unit (NPU), which it claims can process up to 2.5 tera operations per second (TOPS). The company has revealed the back of the board too, which houses the microSD card slot, MIPI CSI camera connector, along with the MIPI DSI and TP connectors for linking the VIM3 with an external monitor."

To celebrate its new release, Krita is offering "a 50% off sale of Digital Atelier, Ramon Miranda's painterly brushes and tutorials pack for the rest of this month!" Digital Atelier includes more than 50 new brush presets, more than 30 new brush tips, new patterns and surfaces, and almost two hours of video tutorial. You can get Digital Atelier in the Krita shop.

News Zorin OS Canonical Ubuntu Security SBCs Khadas Krita
Categories: Linux News
Syndicate content