Skip to main content

Linux News

The Academy of Motion Picture Arts and Sciences and The Linux Foundation Launched the Academy Software Foundation, Linux 4.18 and GNU Linux-libre 4.18-gnu Kernels Are Out, DXVK 0.65 Released and Canonical Live Patch Update

Linux Journal - Mon, 08/13/2018 - 08:16

News briefs for August 13, 2018.

The Academy of Motion Picture Arts and Sciences and The Linux Foundation launched the Academy Software Foundation late last week. The ASF's mission is to "increase the quality and quantity of contributions to the content creation industry's open source software base; to provide a neutral forum to coordinate cross-project efforts; to provide a common build and test infrastructure; and to provide individuals and organizations a clear path to participation in advancing our open source ecosystem". Interested developers can sign up to join the mailing list here.

The Linux 4.18 kernel is out. See this Phoronix post for a list of the best features of this new kernel.

And, the GNU Linux-libre 4.18-gnu deblobbed version, which removes all non-free components from Linux, is now available as well. You can find dources and tarballs here.

DXVK 0.65, a Vulkan-based library for running Direct3D 11 games in Wine, has been released. According to GamingOnLinux, the new version provides "better configuration for various games out of the box", along with several other fixes.

Canonical recently released a new Linux kernel live patch for all of its supported Ubuntu Linux operating system releases to address various security vulnerabilities, including the recent TCP flaw (CVE-2018-5390) and a few others (CVE-2018-13405, CVE-2018-13094, CVE-2018-1094 and CVE-2018-11506). Update now if you haven't already. (Source: Softpedia News.)

News The Linux Foundation open source gaming kernel Security Canonical Ubuntu
Categories: Linux News

Encrypting NFSv4 with Stunnel TLS

Linux Journal - Mon, 08/13/2018 - 06:30
by Charles Fisher

NFS clients and servers push file traffic over clear-text connections in the default configuration, which is incompatible with sensitive data. TLS can wrap this traffic, finally bringing protocol security. Before you use your cloud provider's NFS tools, review all of your NFS usage and secure it where necessary.

The Network File System (NFS) is the most popular file-sharing protocol in UNIX. Decades old and predating Linux, the most modern v4 releases are easily firewalled and offer nearly everything required for seamless manipulation of remote files as if they were local.

The most obvious feature missing from NFSv4 is native, standalone encryption. Absent Kerberos, the protocol operates only in clear text, and this presents an unacceptable security risk in modern settings. NFS is hardly alone in this shortcoming, as I have already covered clear-text SMB in a previous article. Compared to SMB, NFS over stunnel offers better encryption (likely AES-GCM if used with a modern OpenSSL) on a wider array of OS versions, with no pressure in the protocol to purchase paid updates or newer OS releases.

NFS is an extremely common NAS protocol, and extensive support is available for it in cloud storage. Although Amazon EC2 supports clear-text and encrypted NFS, Google Cloud makes no mention of data security in its documented procedures, and major initiatives for the protocol recently have been launched by Microsoft Azure and Oracle Cloud that raise suspicion. When using these features over untrusted networks (even within the hosting provider), it must be assumed that vulnerable traffic will be captured, stored and reconstituted by hostile parties should they have the slightest interest in the content. Fortunately, wrapping TCP-based NFS with TLS encryption via stunnel, while not obvious, is straightforward.

The performance penalty for tunneling NFS over stunnel is surprisingly small—transferring an Oracle Linux Installation ISO over an encrypted NFSv4.2 connection is well within 5% of the speed of clear text. Even more stunning is the performance of fuse-sshfs, which appears to beat even clear-text NFSv4.2 in transfer speed. NFS remains superior to sshfs in reliability, dynamic idmap and resilience, but FUSE and OpenSSH delivered far greater performance than expected.

Go to Full Article
Categories: Linux News

Weekend Reading: All Things Bash

Linux Journal - Sat, 08/11/2018 - 09:45
by Carlie Fairchild

Bash is a shell and command language. It is distributed widely as the default login shell for most Linux distributions. We've rounded up some of the most popular Bash-related articles for your weekend reading.

Create Dynamic Wallpaper with a Bash Script

By Patrick Wheelan

Harnessthe power of bash and learn how to scrape websites for exciting new images every morning.


Developing Console Applications with Bash

By Andy Carlson

Bring the power of the Linux command line into your application development process.


Parsing an RSS News Feed with a Bash Script

By Jim Hall

I can automate an hourly job to retrieve a copy of an RSS feed, parse it, and save the news items to a local file that the website can incorporate. That reduces complexity on the website, with only a little extra work by parsing the RSS news feed with a Bash script.


Hacking a Safe with Bash

By Adam Kosmin

Being a minimalist, I have little interest in dealing with GUI applications that slow down my work flow or application-specific solutions (such as browser password vaults) that are applicable only toward a subset of my sensitive data. Working with text files affords greater flexibility over how my data is structured and provides the ability to leverage standard tools I can expect to find most anywhere.


Graph Any Data with Cacti!

By Shawn Powers

Cacti is not a new program. It's been around for a long time, and in its own way, it's a complicated beast itself. I finally really took the time to figure it out, however, and I realized that it's not too difficult to use. The cool part is that Cacti makes RRDtool manipulation incredibly convenient. It did take me the better part of a day to understand Cacti fully, so hopefully this article will save you some time.


Reading Web Comics via Bash Script

By Jim Hall

I follow several Web comics. I used to open my Web browser and check out each comic's Web site. That method was fine when I read only a few Web comics, but it became a pain to stay current when I followed more than about ten comics. These days, I read around 20 Web comics. It takes a lot of time to open each Web site separately just to read a Web comic. I could bookmark the Web comics, but I figured there had to be a better way—a simpler way for me to read all of my Web comics at once.


Go to Full Article
Categories: Linux News

Ring-KDE 3.0.0 Released, Intel Debuts 32TB Ruler-Shaped SSDs, OpenEMR Security Issues, PostgreSQL Updates and New Version of Unigine

Linux Journal - Fri, 08/10/2018 - 08:34

News briefs for August 10, 2018.

Ring-KDE 3.0.0, a GNU client, has been released. GNU Ring is a secure, distributed communication platform based on open industry-standard technologies for audio calls, video conferences, chat, screen-sharing and peer-to-peer file transfer. This new version of Ring-KDE is a full rewrite of the app "to use more modern technologies such as touch support, QtQuick2 and KDE Kirigami adaptive widget framework". When you join GNU Ring, "no servers or centralized accounts are needed. Beside an optional blockchain-based way to reserve your username against takeover, nothing leaves your device", and Ring-KDE "provides a simple wizard to help you create credentials or import your personal information from other devices." For more info, also visit here.

Intel debuts a totally silent ruler-shaped solid state drive, the Intel SSD DC P4500. This SSD is can store 32 terabytes—"equivalent to triple the entire printed collection of the U.S. Library of Congress". In addition, "the no-moving-parts ruler-shaped SSDs can be lined up 32 side-by-side, to hold up to a petabyte in a single server slot. Compared with a traditional SSD, the 'ruler' requires half the airflow to keep cool. And compared with hard disk storage, the new 3D NAND SSD sips one-tenth the power and requires just one-twentieth the space."

Several security vulnerabilities were discovered recently in OpenEMR, developer of open-source electronic health records and practice management tools, possibly affecting the data of more than 90 million patients. Info Security Magazine reports that the issues "included nine separate SQL injection vulnerabilities, four remote code execution flaws and several arbitrary file read, write and delete bugs. Others included a portal authentication bypass, unauthenticated information disclosure, and cross-site request forgery". Info Security notes that OpenEMR team has since patched "most" of the vulnerabilities.

PostgreSQL announces a slew of new releases: 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24 and 11 beta 3. The third beta release of PostgreSQL 11 "contains previews of all features that will be available in the final release of PostgreSQL 11". Two security issues and more than 40 bugs are also fixed in these updates.

Unigine, the Linux-friendly commercial game and professional graphics engine has released version 2.7.2. According to Phoronix, this release "has better importing support for CAD models, optimized texture streaming, physically-based cameras and lights, an improved particle system, multi-channel rendering improvements, and various other optimizations and polishing. Unfortunately, no word on Vulkan support yet for Unigine 2." For more info, see also the Unigine Dev site.

News KDE Security Intel SSDs Storage PostgreSQL gaming
Categories: Linux News

Telecommuting Tips

Linux Journal - Fri, 08/10/2018 - 08:30
by Kyle Rankin

With all the collaboration technology available for offices today, there's no reason telecommuters can't be as productive and as connected as other team members.

I live in the San Francisco Bay Area, known for high-tech companies, horrible traffic and high cost of living. When it came time for me to buy a house, I chose an area that left me with a 90–120-minute commute, depending on traffic and the time of day, so through the years, I've negotiated work-from-home days and have experience with telecommuting at companies of various sizes with different proportions of remote workers. Telecommuting is not only more convenient for many employees, it also can get the best work out of people, because it can grant better opportunities to focus and lets employees get right to work instead of spending hours getting to and from work. Unfortunately, many places inadvertently sabotage their telecommuters with bad practices, so here are a few tips to help make telecommuting successful.

Invest in Good Teleconference Hardware

I've attended many video conferences where the audio was so horrible, I might as well have not joined. Or worse, there was a time when one speaker was loud and clear, but when the conversation went to the other side of the table, it was inaudible. Although it's nice to have quality cameras, having quality microphones is critical. Make sure each of your meeting rooms has quality microphones that can pick up sounds all around the meeting table, and make sure attendees speak up. Relying on the microphone on someone's laptop just doesn't cut it for meetings involving more than two people. Although it's considered good meeting etiquette to have only one person speak at a time, this protocol is extra important if you have anyone calling in, as cross-talk makes it all but impossible to hear either conversation even over a good microphone.

Add Video Conference Links to Every Meeting

Make it a habit to add a link to your video conference room for each meeting you create, even if all of the attendees are expected to be in the office. This habit ensures that when you realize you forgot to invite a remote workers, you aren't scrambling to figure out how to set up the video conference, plus sometimes even team members in the office need to work from home at the last minute. If your scheduling software can do this automatically, even better (some do this by having each meeting room in a contact list and inviting the relevant meeting room to the meeting). Also make sure you set this up for all-hands company-wide meetings.

Go to Full Article
Categories: Linux News

Julia 1.0 Released, 2018 State of Rust Survey, Samsung Galaxy Note 9 Launches Today, Margaret Dawson of Red Hat Named Business Role Model of the Year in Women in IT Awards and Creative Commons Awarded $800,000 from Arcadia

Linux Journal - Thu, 08/09/2018 - 08:38

News briefs for August 9, 2018.

Julia 1.0 made its debut yesterday—the "culmination of nearly a decade of work to build a language for greedy programmers". The language's goal: "We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled." You can download it here.

The Rust Community announced the 2018 State of Rust Survey, and they want your opinions to help them establish future development priorities. The survey should take 10–15 minutes to complete, and is available here. And, you can see last year's results here.

Samsung Galaxy Note 9 launches today at 11am ET. You can watch the spectacle via Android Central, which will be streaming the live event.

Margaret Dawson, Vice President, Portfolio Product Marketing at Red Hat, was named Business Role Model of the Year at the inaugural Women in IT Awards USA. The awards were organized by Information Age to "redress the gender imbalance by showcasing the achievements of women in the sector and identifying new role models".

Creative Commons was awarded $800,000 from Arcadia (a charitable fund of Lisbet Rausing and Peter Baldwin) to support CC Search, which is "a Creative Commons technology project designed to maximize discovery and use of openly licensed content in the Commons". CC Search, along with Commons Metadata Library and the Commons API, plans to form the Commons Collaborative Archive and Library, a suite of tools that will "make the global commons of openly licensed content more searchable, usable, and resilient, and to provide essential infrastructure for collaborative online communities".

News Julia Rust Programming creative commons Women Android Mobile
Categories: Linux News

Astronomy on KDE

Linux Journal - Thu, 08/09/2018 - 07:15
by Joey Bernard

I recently switched to KDE and Plasma as my main desktop environment, so I thought I'd start digging into some of the scientific software available on KDE. First up is KStars, the desktop astronomy program.

KStars probably won't be installed with the standard KDE desktop, so you may need to install it. If you're using a Debian-based distribution, you can install KStars with the following command:

sudo apt-get install kstars

When you first start it, KStars asks for your current location, and then it gives you the option of installing several extra information files to add to the list of objects that KStars knows about and can display. Once those steps are finished, KStars begins with the current sky at the location you entered earlier.

Figure 1. On startup, KStars shows you the current layout of the sky in your location.

So, what can you do with KStars? If you've used programs like Stellarium before, you'll find that you can do the same types of tasks with KStars. You can use your mouse to click and drag the display to change the direction you're facing. The cardinal directions are labeled along the outside of the circle of the sky, and you can zoom in and out to change the field of view. If you see an object you want to examine further, you can double-click it to center it on the display and tag it as the current object of interest.

Depending on what catalogs of data you installed, some of the objects may have more or less information available. For example, selecting the planet Uranus and zooming all the way in shows a reasonably detailed image of the planet, including the ring orientation.

Figure 2. You can easily select and zoom in to objects of interest in KStars.

Quite a few options are available for controlling what's shown in the main window. The toolbar across the top of the window allows you to toggle the following items: stars, deep sky objects, solar system objects, supernovae, satellites, constellation lines, constellation names, constellation art, constellation boundaries, Milky Way, equatorial coordinate grid, horizontal coordinate grid and opaque ground. This allows you to customize the display so that it shows only what you're interested in at the time. The last display option is to toggle the "What's Interesting" pane.

Go to Full Article
Categories: Linux News

LibreOffice 6.1 Now Available, Facebook Open-Sourcing Fizz, Firefox Advance Is Latest Test Pilot Experiment, Dart 2.0 Stable Released and KDE Neon Bionic Preview Images Available for Testing

Linux Journal - Wed, 08/08/2018 - 09:15

News briefs for August 8, 2018.

The Document Foundation announced this morning that LibreOffice 6.1 is now available. This is the second major release of the 6 family, and it has many new features, such as Colibre (a new icon theme for Windows), a reworked image handling feature, an improved EPUB export filter, improvements in all modules of LibreOffice Online and much more. See this video for more on all the new features. You can download LibreOffice 6.1 from here.

Facebook announced it is open-sourcing Fizz, a "robust, highly performant TLS library written in C++ 14". In addition, Facebook says that "Fizz now handles millions of TLS 1.3 handshakes every second. We believe this makes it the largest deployment of TLS 1.3—and early (0-RTT) data—on the internet." Fizz is now available on GitHub, and Facebook hopes that open-sourcing it will "help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure".

Firefox's latest Test Pilot Experiment called Advance is now available. Mozilla writes that with Advance, "you can explore more of the web efficiently, with real-time recommendations based on your current page and your most recent web history." Advance is a Web Extension that "works by analyzing content you're into right now in order to provide recommendations based on what you may want to 'Read Next' through a sidebar in the browser." You can download it from here.

Google announced the release of Dart 2 stable yesterday, including a rewrite of the Dart web platform. According to Google, "Dart 2 marks the rebirth of Dart as a mainstream programming language focused on enabling a fast development and great user experiences for mobile and web applications." See the GitHub page for all the changes.

KDE neon Bionic Preview images are now available for testing. You can download the ISO images from here and provide feedback in the forum.

News LibreOffice Facebook Fizz Firefox Dart Google KDE
Categories: Linux News

Good Lockdown vs. Bad

Linux Journal - Wed, 08/08/2018 - 07:00
by Zack Brown

There's an ongoing series of skirmishes between corporations who want to sell products that users don't fully control and the kernel developers who want users to be the highest authority. Sometimes these skirmishes manifest in the form of security patches intended to lock down the kernel. Do they lock down the kernel against outside attackers? Or do they lock down the kernel against change from anyone at all, including the user who owns the device?

David Howells recently pushed a patch out of the linux-next, submitting it for inclusion in the main source tree. As he put it, the patch "adds kernel lockdown support for EFI secure boot". And a man page included in the patch said:

The Kernel Lockdown feature is designed to prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorized modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded.

The patch gave birth to an odd debate, but a familiar one by now. Matthew Garrett, ultimately the main proponent of the patch, kept defending it on technical grounds that Linus Torvalds felt were meaningless and dishonest, hiding a secret agenda that included helping companies like Microsoft lock users out of making changes to their own systems.

Andy Lutomirski was another critic of Matthew's defense of the patch. The debate circled around and around, with Linus and Andy trying to get Matthew to admit the true motivation they believed he had and Matthew attempting to give solid reasons why the patch should go into the kernel. Things got ugly.

James Morris initially accepted the patch, planning to send it up to Linus for inclusion, and Andy reviewed the code. Among his comments, Andy said the goal of the patch was not clearly stated. He said for the purpose of his code review he would assume the goal was to prevent the root user from either reading kernel memory or intentionally corrupting the kernel.

But, he didn't think those were proper goals for a kernel, even a UEFI Secure Boot kernel. He said, "the kernel should try to get away from the idea that UEFI Secure Boot should imply annoying restrictions. It's really annoying and it's never been clear to me that it has a benefit." He singled out the idea of preventing the root user from accessing kernel memory as one of these annoying restrictions.

Kees Cook replied with his overall justification for this patch. He said:

Go to Full Article
Categories: Linux News

SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google's August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8

Linux Journal - Tue, 08/07/2018 - 08:50

News briefs for August 7, 2018.

Security researchers have discovered a bug in kernel 4.9 called SegmentSmack. Red Hat comments that "a remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system". There's no known workaround other than a fixed kernel at this time. See also the story on ZDNet for more information.

Android 9 "Pie" was released yesterday. Android 9 uses AI to help it adapt to your preferences as you use it. Other new features include an adaptive battery, gesture navigation and tools to help you see how much time you're spending on your phone.

Google also released its August security bulletin for Android yesterday, and the most severe issue "is a critical vulnerability that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process".

The upcoming 4.19 kernel will be getting the STACKLEAK feature, Phoronix reports. STACKLEAK provides further security as it "wipes out the kernel stack before returning from system calls. By clearing the kernel stack, it reduces possible leakage and can block some possible attack vectors, including stack clash attacks and uninitialized stack variable attacks."

GNOME Keysign 0.9.8 has been released. This update fixes several bugs and now includes Bluetooth support so you can exchange keys without a network connection. The app is also now on Flathub, and you can install it from here.

News Security kernel Android Google GNOME
Categories: Linux News

#geeklife: weBoost 4G-X OTR Review

Linux Journal - Tue, 08/07/2018 - 07:00
by Kyle Rankin

Will a cellular booster help me stay connected on my epic working road trip?

I'm a Linux geek, and I think I safely can assume everyone reading an article in Linux Journal identifies themselves as Linux geeks as well. Through the years I've written about many of my geeky projects here in Linux Journal, such as my Linux-powered beer fermentation fridge or my 3D printer that's remotely controlled using a Raspberry Pi and Octoprint software. The thing is, my interests don't stop strictly at Linux, and I doubt yours do either. While my homebrewing, 3D printing and (more recently) RV interests sometimes involve Linux, often they don't, yet my background means I've taken a geek's perspective and approach to all of those interests. I imagine you take a similar approach to your hobbies and side projects, and readers would find some of those stories interesting, useful and inspirational.

We discussed this at Linux Journal and realized there should be a space for Linux geeks to tell their geeky stories even if they don't directly involve Linux. This new series, #geeklife, aims to provide a place where Linux geeks can talk about interests and projects even if they might not be strictly Linux-related. We invite you to send proposals for #geeklife articles to

For this first #geeklife article, I'm telling the story of a geeky, connected working road trip I just took in my RV, and within that context, I also review a particular piece of hardware I hoped would make the trip possible, the weBoost Drive 4G-X OTR. In the interest of full disclosure, Wilson Electronics provided me with this review unit, and I did not purchase it independently.

Working Remotely

My job is 100% remote. It took me many years of braving multi-hour California Bay Area commutes and turning down opportunities to find a job where I finally could work completely from home. Smart organizations are finally beginning to realize the many advantages to having a remote workforce, but I've found it works best if you have the right team, the right tools and the bulk of the workforce is remote. When everyone is distributed, everyone relies on the incredible modern collaboration tools currently available, and you have focus and incredible productivity when you need it while still being able to communicate with your peers.

My wife is a freelance writer and has worked from her home office long before I also worked from home. Once I also landed a job where I was completely remote, we posed the following question to ourselves: in theory, we could work from anywhere with a decent internet connection, but in practice, is that really something we could do? What would that kind of working trip look like?

Go to Full Article
Categories: Linux News

Thunderbird 60.0 Released, Lenovo Now in LVFS, Netrunner Rolling 2018.08 Now Available, HP Printer Security Vulnerabilities and New SteamOS Brewmaster Beta Update

Linux Journal - Mon, 08/06/2018 - 08:46

News briefs for August 6, 2018.

Thunderbird 60.0 was released today. You can download the new version from here (note, this is a direct download, not an upgrade). Changes include improvements for dealing with attachments, new light and dark themes, WebExtension themes are now enabled, several new calendar features and much more.

Richard Hughes welcomes Lenovo to the LVFS (Linux Vendor Firmware Service). He writes that he and Peter Jones "have been working with partners of Lenovo and the ThinkPad, ThinkStation and ThinkCenter groups inside Lenovo to get automatic firmware updates working across a huge number of different models of hardware." And also that "Bringing Lenovo to the LVFS has been a lot of work. It needed changes to the low level fwupdate library, fwupd, and even the LVFS admin portal itself for various vendor-defined reasons."

Netrunner Rolling 2018.08 is now available. Main updates include KDE Plasma 5.13.3, KDE Frameworks 5.48, KDE Applications 18.04, Qt 5.11.1, Linux Kernel 4.17 Firefox Quantum 61.0 and much more. You can get the new release here.

More than 100 models of HP printers have critical vulnerabilities, ZDNet reports. From HP's security bulletin: "Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution." To see the list of affected printers and links to the patches, go here.

A new SteamOS beta update for the Brewmaster release is now available. According to GamingOnLinux, "it's not technically a major update in terms of the overall system, it's still rather mighty where it counts". Updates include Linux kernel 4.16, Mesa 18.1.5 with LLVM 7.0 snapshot and NVIDIA drivers 396.45.

News Thunderbird Lenovo Distributions KDE Security HP SteamOS gaming
Categories: Linux News

Why the Failure to Conquer the Desktop Was Great for GNU/Linux

Linux Journal - Mon, 08/06/2018 - 06:30
by Glyn Moody

AI: open source's next big win.

Canonical recently launched Ubuntu 18.04 LTS. It's an important release. In part, that's because Canonical will support it for five years, making it one of the relatively rare LTS products in Ubuntu's history. Ubuntu 18.04 also marks a high-profile return to GNOME as the default desktop, after a few years of controversial experimentation with Unity. The result is regarded by many as the best desktop Ubuntu so far (that's my view too, for what it's worth). And yet, the emphasis at launch lay elsewhere. Mark Shuttleworth, CEO of Canonical and founder of Ubuntu, said:

Multi-cloud operations are the new normal. Boot-time and performance-optimised images of Ubuntu 18.04 LTS on every major public cloud make it the fastest and most efficient OS for cloud computing, especially for storage and compute-intensive tasks like machine learning.

The bulk of the official 18.04 LTS announcement is about Ubuntu's cloud computing features. On the main web site, Ubuntu claims to be "The standard OS for cloud computing", citing (slightly old) research that shows "70% of public cloud workloads and 54% of OpenStack clouds" use it. Since Canonical is a privately held company, it doesn't publish a detailed breakdown of its operations, just a basic summary. That means it's hard to tell just how successful the cloud computing strategy is proving. But, the fact that Shuttleworth is now openly talking about an IPO—not something to be undertaken lightly—suggests that there is enough good news to convince investors to throw plenty of money at Canonical when the prospectus spells out how the business is doing.

Go to Full Article
Categories: Linux News

New EdgeX Foundry "California" Released, Rust v. 1.28.0 Now Available, Humble Bundle's Sports Bundle Has Games for Linux, Firefox 63 Will Have Out-of-Process Extensions for Linux and an Update on EFF's Respects Your Freedom Certification Program

Linux Journal - Fri, 08/03/2018 - 08:42

News briefs for August 3, 2018.

The Linux Foundation's EdgeX Foundry announced its second major release, "California". This new release of the EdgeX IoT middleware for edge computing adds security features, such as reverse proxy and secure credentials storage. In addition, it has been rewritten in Go, which makes it possible to run on the Raspberry Pi 3, the official target platform for California.

The Rust programming language announced new version 1.28.0 stable yesterday. New features include global allocators allowing you to change the way memory is obtained, improved error messaging for formatting, library stabilizations and more. See the release notes on GitHub for more information.

Humble Bundle has released a new Humble Sports Bundle that includes several games for Linux if you pay more than the lowest tier, GamingOnLinux reports. The games include Motorsport Manager, DiRT Rally, Super Blood Hockey and 75% off Football Manager 2018. You can check out the Bundle here.

Firefox 63, which is due to be released later this year, will have out-of-process extensions for Linux. According to OMG Ubuntu, once it's turned on, all new WebExtensions that you add to your browser will run in their own dedicated processes, which means if one crashes, it won't take your entire browser with it. This feature is already available for Windows and macOS Firefox users.

The EFF announces that its Respects Your Freedom certification program continues to grow. The most recent additions were the Zerocat Chipflasher and Minifree Libreboot X200 Tablet (both certified in May 2018), and there currently are around 50 more devices working their way through the certification program.

News The Linux Foundation IOT Raspberry Pi Rust Programming gaming Firefox eff
Categories: Linux News

Extending Landlocked Processes

Linux Journal - Fri, 08/03/2018 - 07:00
by Zack Brown

Mickaël Salaün posted a patch to improve communication between landlocked processes. Landlock is a security module that creates an isolated "sandbox" where a process is prevented from interacting with the rest of the system, even if that process itself is compromised by a hostile attacker. The ultimate goal is to allow regular user processes to isolate themselves in this way, reducing the likelihood that they could be an entry point for an attack against the system.

Mickaël's patch, which didn't get very far in the review process, aimed specifically at allowing landlocked processes to use system calls to manipulate other processes. To do that, he wanted to force the landlocked process to obey any constraints that also might apply to the target process. For example, the target process may not allow other processes to trace its execution. In that case, the landlocked process should be prevented from doing so.

Andy Lutomirski looked at the patch and offered some technical suggestions, but on further reflection, he felt Mickaël's approach was too complicated. He felt it was possible that the patch itself was simply unnecessary, but that if it did have a value, it simply should prevent any landlocked process from tracing another process' execution. Andy pointed to certain kernel features that would make the whole issue a lot more problematic. He said, "If something like Tycho's notifiers goes in, then it's not obvious that, just because you have the same set of filters, you have the same privilege. Similarly, if a feature that lets a filter query its cgroup goes in (and you proposed this once!), then the logic you implemented here is wrong."

Andy's overall assessment of landlock was, "I take this as further evidence that Landlock makes much more sense as part of seccomp than as a totally separate thing. We've very carefully reviewed these things for seccomp. Please don't make us do it again from scratch."

But Mickaël felt that landlock did have some valid use cases Andy hadn't mentioned—for example, "running a container constrained with some Landlock programs". Without his patch, Mickaël felt it would be impossible for users in that situation to debug their work. As he put it, "This patch adds the minimal protections which are needed to have a meaningful Landlock security policy. Without it, they may be easily bypassable, hence useless."

And as for folding landlock into seccomp, Mickaël replied, "Landlock is more complex than seccomp, because of its different goal. seccomp is less restrictive because it is more simple."

Go to Full Article
Categories: Linux News

VCs Are Investing Big into a New Cryptocurrency: Introducing Handshake

Linux Journal - Thu, 08/02/2018 - 16:14
by Petros Koutoupis

The entire landscape of how we authenticate domain names likely will see a complete overhaul, all powered by blockchain technologies. Just released, Handshake brings with it the much needed security and reliability on which we rely. Backed by venture capitalists and industry-established blockchain developers, Handshake has raised $10.2 million to replace the current digital entities maintaining our current internet infrastructure.

The project and protocol has been led by Joseph Poon (creator of Bitcoin's Lightning Network), Andrew Lee (CEO of Purse), Andrew Lee (founder of Private Internet Access or PIA) and Christopher Jeffrey (CTO of Purse). The effort also is backed by 67 individuals with funding coming from A16z, Founders Fund, Sequoia Capital, Greylock Partners, Polychain Capital and Draper Associates.

The Handshake project pledges to donate its initial funding of $10.2 million to FOSS projects, university research departments and more. The list of recipients includes projects and foundations such as the Apache Software Foundation, FreeBSD, Reproducible Builds, GNOME, FSF, SFC, Outreachy, ArchLinux, systemd and many more.

What Is Handshake?

Handshake aims to be a wholly democratic and decentralized certificate authority and naming system. Handshake does not replace the Domain Name System (DNS). It is, however, an alternative to today's certificate authorities—that is, it uses a decentralized trust anchor to prove domain ownership. Although the primary goal of the project is to simplify and secure top-level domain registration while also making the root zone uncensorable, permissionless and free of gatekeepers.

A traditional root DNS supports the current infrastructure of the internet and, therefore, facilitates online access. The root servers hosting the internet publish root zone file contents, which are responsible for the internet's DNS functionality. DNS associates information with domain names and maps them to public-facing IP addresses.

The way Handshake differs from this is that it's all peer to peer. Every peer is responsible for validating and managing the root zone (via the use of "light clients"). All existing entries in the root zone file will form the genesis block of the blockchain supporting it. The same root zone will be distributed across the nodes forming the chain. The implementation allows for any participant to help host this distributed root zone and add to it.

How Does It Work?

Handshake makes use of a coin system for name registration (that is, the Handshake coin or HNS). It is the mechanism by which participants are able to transfer, register and update internet domain names. Currently, Handshake has opened a faucet to distribute HNS coins to qualified FOSS contributors. If you are one such contributor and you meet the project's criteria, you can sign up here.

Go to Full Article
Categories: Linux News

Mozilla Announces Things Gateway 0.5, Reddit Security Incident, Docker Moving to a New Release Cycle, Artifact Coming in November and LibreOffice 6.0.6 Now Available

Linux Journal - Thu, 08/02/2018 - 09:14

News briefs for August 2, 2018.

The Mozilla IoT team announced the 0.5 release of the Things Gateway this morning, which is "packed full of new features including customisable devices, a more powerful rules engine, an interactive floorplan and an experimental smart assistant you can talk to." If you want to try out this new version of the gateway, you can download it from here and use it on your Raspberry Pi. According to the press release, "A powerful new 'capabilities' system means that devices are no longer restricted to a predefined set of Web Thing Types, but can be assembled from an extensible schema-based system of 'capabilities' through our new schema repository. This means that developers have much more flexibility to create weird and wacky devices, and users have more control over how the device is used."

Reddit announces it had a security incident: an attacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. Since then we've been conducting a painstaking investigation to figure out just what was accessed, and to improveour systems and processes to prevent this from happening again." If you haven't changed your Reddit login password since 2007, you probably should do it now.

Docker is moving to a new release and support cycle for its Community Edition (CE) releases, ServerWatch reports. New Docker CE versions will come out every six months, and each new CE release will be supported for seven months. The next CE Stable release is due out in September. Docker CE Edge releases will move to a faster cycle—from monthly to nightly builds.

Artifact, Valve's digital collectible card game, is set to debut November 28, 2018, for Linux, macOS and Windows, Phoronix reports. The first public showing of the game will be at PAX West in Seattle, August 31–September 3. See for more information on Artifact.

LibreOffice 6.0.6 is now available from the Document Foundation. This is a minor release, but it does include several bug fixes. You can download it here, and view the changelogs here and here.

News Mozilla IOT Reddit Security Docker Containers gaming LibreOffice
Categories: Linux News

Engineers vs. Re-engineering

Linux Journal - Thu, 08/02/2018 - 07:07
by Doc Searls

In an age when people are being re-engineered into farm animals for AI ranchers, it's the job of engineers to save humanity through true personal agency.

A few months ago, I was driving through Los Angeles when the Waze app on my phone told me to take the Stadium Way exit off the 110 freeway. About five other cars peeled off with me, and we became a caravan, snaking through side streets and back onto the freeway a few miles later. I knew Waze had to be in charge of us, since Waze is the navigation app of choice in Los Angeles, and it was beyond coincidence that all these cars took the same wild maze run through streets only locals knew well.

What was Waze up to here, besides offering its users (or a subset of them) a way around a jam? Was it optimizing traffic by taking some cars off the highway and leaving others on? Running an experiment only some AI understood? There was no way to tell. I doubt anyone at Waze could say exactly what was going on either. Algorithms are like that. So are the large and constantly changing data sets informing algorithms most of us with mobile devices depend on every day.

In Re-engineering Humanity, Brett Frischmann and Evan Selinger have dug deeply into what's going on behind the "cheap bliss" in our fully connected world.

What they say is that we are all subjects of techno-social engineering. In other words, our algorithmic conveniences are re-making us, much as the technologies and techniques of agriculture re-makes farm animals. And, as with farming, there's an extraction business behind a lot of it.

They say "humanity's techno-social dilemma" is that "companies, institutions, and designers regularly treat us as programmable objects through personalized technologies that are attuned to our personal histories, present behavior and feelings, and predicted futures."

And we are not innocent of complicity in this. "We outsource memory, decision-making and even our interpersonal relations...we rely on the techno-social engineers' tools to train ourselves, and in doing so, let ourselves be trained."

There are obvious benefits to "delegating physical, cognitive, emotional and ethical labor to a third party", such as Waze, but there are downsides, which Brett and Evan number: 1) passivity, 2) decreased agency, 3) decreased responsibility, 4) increased ignorance, 5) detachment and 6) decreased independence. On the road to these diminished human states, we have "fetishised computers and idealized computation".

Doing both means "we work on problems best solved by computation", which in turn leads to "the imperialism of instrumental reason and the improper assumption that all problems are comprehensible in the language of computation and thus can be solved with the same set of social and technological tools".

Go to Full Article
Categories: Linux News

New Issue: Linux Journal August 2018 with a Deep Dive into Containers

Linux Journal - Wed, 08/01/2018 - 10:54
by Carlie Fairchild

The recent rise in popularity of container technology within the data center is a direct result of its portability and ability to isolate working environments, thus limiting its impact and overall footprint to the underlying computing system. To understand the technology completely, you first need to understand the many pieces that make it all possible. With that, may we introduce Linux Journal's Container issue.

Featured Articles in this Issue Include:

  • Linux Control Groups and Process Isolation 
  • Working with Linux Containers (LXC)
  • Orchestration with Kubernetes
  • The Search for a GUI Docker
  • Sharing Docker Containers Across DevOps Environments

Additional Articles:

  • The Chromebook Grows Up
  • FOSS Project Spotlight: SIT (Serverless Information Tracker)
  • #geeklife: weBoost 4G-X OTR Review
  • Astronomy on KDE
  • Road to RCHA: Bumps and Bruises and What I'm Studying
  • Tech Tip: Easy SSH Automation

Regular Columns Include:

  • From the Editor—Doc Searls: Engineers vs. Re-engineering
  • Kyle Rankin's Hack and /: Cleaning Your Inbox with Mutt
  • Reuven M. Lerner's At the Forge: Python and Its Community Enter a New Phase
  • Dave Taylor's Work the Shell: Creating the Concentration Game PAIRS with Bash
  • Zack Brown's diff -u: What's New in Kernel Development
  • Glyn Moody's Open Sauce: What Does "Ethical" AI Mean for Open Source?

Subscribers, you can download your August issue now.

Not a subscriber? It’s not too late. Subscribe today and receive instant access to this and ALL back issues since 1994!

Want to buy a single issue? Buy the August magazine or other single back issues in the LJ store.

Go to Full Article
Categories: Linux News

GNU C Library v. 2.28 Released, Purism Update on Librem 5 Communication Apps, Istio v. 1.0 Now Available, 4.18 Kernel Delayed and City of Rome Switching to LibreOffice

Linux Journal - Wed, 08/01/2018 - 09:13

News briefs for August 1, 2018.

The GNU C Library version 2.28 was released this morning. New features include localization data for ISO 14651 has been updated to match Edition 4, introducing significant improvements to the collation of Unicode characters; it now can be compiled with support for Intel CET, aka Intel Control-flow Enforcement Technology; it now supports ABSOLUTE symbols; and more. Packages for the 2.28 release are available from or

Purism posted an update on the Librem 5's communication apps yesterday. The "Calls" app is not only for regular calls, but is "designed to integrate a much higher level of security and privacy through end to end encrypted technologies in a very transparent way". You can see the repository of designs for the Calls app here. The plan for the "Messages" app is "to be able to handle regular text messages (SMS) while also handling secure end-to-end encrypted messages in a transparent way between two compatible devices", and that repository is available here.

Istio, the open-source service mesh, released version 1.0 yesterday. According to the post on Light Reading, "Istio provides visibility into container performance, support for user testing, updating controls and security for service interactions. The availability of version 1.0 of the software means those features are locked down, ready for deployment in production applications, and developers can write software to those features without worrying that the apps will break due to changes in future versions, as future Istio versions will be backwards-compatible with 1.0."

The 4.18 kernel will be delayed one week, LWN reports, due to "some late-discovered problems". Linus Torvalds posted on LKML: "I _prefer_ just the regular cadence of releases, but when I have a reason to delay, I'll delay."

The city of Rome is switching to open-source LibreOffice. The city installed LibreOffice alongside the proprietary alternative on all of its 14,000 PC workstations in April and is gradually making the change. There are 112 staff members called "innovation champions", who are in favour of free and open source, and who are helping with the switch by explaining the reasons for changing to open source and training co-workers (source: Open Source Observatory).

News GNU C Library Purism Librem 5 Phone Containers Istio kernel LibreOffice open source
Categories: Linux News
Syndicate content