Feed aggregator

February 2019 report: LTS, HTML mail, new phone and new job

Anarcat - Tue, 03/05/2019 - 21:04
Debian Long Term Support (LTS)

This is my monthly Debian LTS report.

This is my final LTS report. I have found other work and will unfortunately not be able to continue working on the LTS project in the foreseeable future. I will continue my volunteer work on Debian and might even contribute to LTS in my normal job, but not directly part of the LTS team.

It is too bad because that team is doing essential work, and needs more help. Security is, at best, lacking everywhere and I do not believe the current approach of "minimal viable product, move fast, then break things" is sustainable. The people working on Linux distributions and also the LTS people are doing hard, dirty work of maintaining free software in the long term. It's thankless but I believe it's one of the most important jobs out there right now. And I suspect there will be only more of it as time goes by.

Legacy systems are not going anywhere: this is the next generation's "y2k bug": old, forgotten software no one understands or cares to work with that suddenly break or have a critical vulnerability that needs patching. Moving faster will not help us fix this problem: it only piles up more crap to deal with for real systems running in production.

The survival of humans and other species on planet Earth in my view can only be guaranteed via a timely transition towards a stationary state, a world economy without growth.

-- Peter Custers

Website work

I again worked on the website this month, doing one more mass import (MR 53) which was finally merged by Holger Levsen, after I fixed an issue with PGP signatures showing up on the website.

I also polished the misnamed "audit" script that checks for missing announcements on the website and published it as MR 1 on the "cron" project of the webmaster team. It's still a "work in progress" because it is still too noisy: there are a few DLAs missing already and we haven't published the latest DLAs on the website.

The remaining work here is to automate the import of new announcements on the website (bug #859123). I've done what is hopefully the last mass import and updated the workflow in the wiki.

Finally, I have also done a bit of cleanup on the website that was necessary after the mass import which also required rewrite rules at the server level. Hopefully, I will have this fairly well wrapped up for whoever picks this up next.

Python GPG concerns

Following a new vulnerability (CVE-2019-6690) disclosed in the python-gnupg library, I have expressed concerns at the security reliability of the project in future updates, referring to wider issues identified by isis lovecruft in this post.

I suggested we should simply drop security support for the project, citing it didn't have many reverse dependencies. But it seems that wasn't practical and the response was that it was actually possible to keep on maintaining it and such an update was issued for jessie.

Golang concerns

Similarly, I have expressed more concerns about the maintenance of Golang packages following the disclosure of a vulnerability (CVE-2019-6486) regarding elliptic curve implementations in the core Golang libraries. An update (DLA-1664-1) was issued for the core, but because Golang is statically compiled, I was worried the update wasn't sufficient: we also needed to upload updates for any build dependency using the affected code as well.

Holger asked the golang team for help and I also asked on IRC. Apparently, all the non-dev packages (with some exceptions) were binNMU'd in stretch but the process needs to be clarified.

I also wondered if this maintenance problem could be resolved in the long term by switching to dynamic linking. Ubuntu tried to switch to dynamic linking but abandoned the effort, so it seems Golang will be quite difficult to maintain for security updates in the foreseeable future.

Libarchive updates

I have reproduced the problem described in CVE-2019-1000020 and CVE-2019-1000019 in jessie. I published a fix as DLA-1668-1. I had to build the update without sbuild's overlay system (in a tar chroot) otherwise the cpio tests fail.

Netmask updates

This one was minimal: a patch was sent by the maintainer so I only wrote and sent DLA 1665-1. Interestingly, I didn't have access to the .changes file which made writing the DLA a little harder, as my workflow normally involves calling gen-DLA --save with the .changes file which autopopulates a template. I learned that .changes files are normally archived on coccia.debian.org (specifically in /srv/ftp-master.debian.org/queue/done/), but not in the case of security uploads.

Libreoffice

I once again tried to tackle an issue (CVE-2018-16858) with Libreoffice. The last time I tried to work on LibreOffice, the test suite was failing and the linker was crashing after hours of compilation and I never got anywhere. But that was wheezy, so I figured jessie might be in better shape.

I quickly got into trouble with sbuild: I ran out of space on both / and /home so I moved all my photos to an external drive (!). The patch ended up being trivial. I could reproduce with a simple proof of concept, but could not quite get code execution going. It might just be I haven't found the right Python module to load, so I assumed the code was vulnerable and, given the patch was simple, it was worth doing an update.

The build ended up taking close to nine hours and 35GiB of disk space. I published DLA-1669-1 as a result.

I also opened a bug report against dput-ng because it still doesn't warn users about uploads to security-master the same way dput does.

Enigmail

Finally, Enigmail was finally taken off the official support list in jessie when the debian-security-support proposed update was approved.

Other free software work

Since I was going to start that new job in March, I figured I would try to take some time off before work starts. I therefore mostly tried to wrap things up and didn't do as much volunteer work as I usually do. I'm unsure I'll be able to do as much volunteer work now that I start a full time job either, so this might possibly be my last report for a while.

Debian work before the freeze

I uploaded new versions of bitlbee-mastodon (1.4.1-1), sopel (6.6.3-1 and 6.6.3-2) and dateparser (0.7.1-1). I've also sponsored new uploads of smokeping and tuptime.

I also uploaded convertdate to NEW as it was a (missing but optional) dependency of dateparser. Unfortunately, it didn't make it through NEW in time for the freeze so dateparser won't be totally fixed in buster.

I also made two new releases of feed2exec, my programmable feed reader, to fix date parsing on broken feeds, add a JSON output plugin, and fix an issue with the ikiwiki_recentchanges plugin.

New phone

I got tired and bought a new phone. Even though I have almost a dozen old phones in a plastic box here, most of them are basically unusable:

  • two are just "feature phones" - I need OSMand
  • two are Nokia n900 phones that can't read a SIM card
  • at least two have broken screens
  • one is "declared stolen or lost" (same, right?) which means it can't be used as a phone at all, which is totally stupid if you ask me

I managed to salvage the old htc-one-s I had. It's still a little buggy (it crashes randomly) and a little slow, but generally works and I really like how small it is. It's going to be hard to go back to a bigger format.

I bought a fairphone2 (FP2). It was pricey, and it's crazy because they might come up with the FP3 this year, but I was sick of trying to cross-reference specification tables and LineageOS download pages. The FP2 just works with an "open" Android version (and LOS) out of the box. But more importantly, the FP project tries to avoid major human rights issues in the source of components and the production of the device, something that's way too often overlooked. Many minerals involved in the fabrication of modern electronics come from conflict zones or involve horrible (child) labour conditions. Fixing those issues should be our priority, maybe even before hardware or software freedom.

Even without addressing completely those issues, the fact that it scored a perfect 10 in iFixit's reparability score is amazing. It seems parts are difficult to find, even in Europe. The phone doesn't ship to the Americas from the original website, which makes it difficult to buy, but some shops do ship to Canada, like Ecosto.

So we'll see how that goes. I will, as usual, document my experiences in the wiki, in fairphone2.

Mailing list experiments

As part of my calendar project, I figured I would keep my "readers" informed of my progress this year and send them an update every month or so. I was inspired by this post as I said last week: I can't stop thinking about it.

So I kept working on Mailman 3. Unfortunately, only a single of my proposed patches was merged. Many of them are "work in progress" (WIP) of course, but I was hoping to get more feedback on the proposals, especially the no notification workflow. Such a workflow delegates the sending of confirmation mails to the caller, which enables them to send more complex email than the straitjacket the templating system forces you into: you could then control every part of the email, not just the body and subject, but also content type, attachments and so on. That didn't seem to get traction: some informal comments I received said this wasn't the right fix for the invite problem, but then no one is working on fixing the invite problem either, so I wonder where that is going to go.

Unabashed, I tried to provide a French translation which allowed me to send an actual invite fully translated. This was a lot of work for not much benefit, so that was frustrating as well.

In the end, I ended up just with a Bcc list that I keep as an alias in my ~/.mutt/aliases, which notmuch reads thanks to my notmuch-address hack. In the email, I proposed my readers an "opt-out": if they don't write back, they're on the mailing list. It's spammy, but the readers are not just the general public: they are people I know well, that are close to me, and to whom I have given a friggin' calendar (at least most of them).

If I find the energy, I'll finish setting up Mailman 3 just the way I like and use it to do the next mailing. But I can't help but think the mailing list is overkill for this now: the mailing with a Bcc list worked without a flaw, as far as I could tell, and it means minimal maintenance. So I'm not sure I'll battle Mailman 3 much longer, which is a shame because I happen to believe it's probably our best bet to keep mailing lists (and therefore probably email itself) alive in the future.

Emailing HTML in Notmuch

I actually had to write content for that email too - just messing around with the mailing list server is one thing, but the whole point is to actually say something. Or, in my case, show something, which is difficult using plain text. So I went crazy and tried to send HTML mail with notmuch. The thread is interesting: I encourage you to read it in full, but I'll quote the first post here for posterity:

I know, I know, HTML email is "evil"[1]. I mostly never ever use it, in fact, I don't remember the last time I consciously sent HTML. Maybe I did so back when I was using Netscape Communicator[2][3], but whatever.

The reason I thought about this again is I have been doing more photography these days and, well, being allergic to social media, I have very few ways of sharing those photographs with families and friends. I have tried creating a gallery website with an RSS feed but I'm sure no one here will be surprised that the uptake is minimal, if non-existent. People expect to have stuff pushed to them, like Instagram, Facebook, Twitter or Spam does.

So I thought[4] of Email again: the original social network! I figured I would just make a mailing list, and write to my people once in a while to let them know about my new pictures. And while writing the first email, I realized it was pretty silly to not include images, or at least links to images in the email.

I'm sure you can see where this is going. A link in the email: who's going to click that. Who clicks now anyways, with all the tapping[5] going on. So the answer comes naturally: just write frigging HTML email. Don't be a rms^Wreligious zealot and do the right thing, what works basically everywhere[6] (even notmuch!).

So I started Thunderbird and thought "what the heck am I doing! there must be a better way!" After searching for "message mode emacs html email ktxbye", I found some people already thought about this problem and came up with somewhat elegant solutions[7]. I built on that by trying to come up with a pure elisp solution, which goes a little like this:

    ;; message-goto-* come from message.el; `markdown' and
    ;; `markdown-add-xhtml-header-and-footer' come from markdown-mode
    (require 'message)
    (require 'markdown-mode)

    (defun anarcat/notmuch-html-convert ()
      "Create an HTML part from a Markdown body.

    This will not work if there are *any* attachments of any form,
    those should be added after."
      (interactive)
      (save-excursion
        ;; fetch subject, it will be the HTML version title
        (message "building HTML attachment...")
        (message-goto-subject)
        (beginning-of-line)
        (search-forward ":")
        (forward-char)
        (let ((beg (point)))
          (end-of-line)
          (setq subject (buffer-substring beg (point))))
        (message "determined title is %s..." subject)
        ;; wrap signature in a <pre>
        (message-goto-signature)
        (forward-line -1)
        ;; save and delete signature which requires special formatting
        (setq signature (buffer-substring (point) (point-max)))
        (delete-region (point) (point-max))
        ;; set region to top of body then end of buffer
        (end-of-buffer)
        (message-goto-body)
        (narrow-to-region (point) (mark))
        ;; run markdown on region
        (setq output-buffer-name "*notmuch-markdown-output*")
        (message "running markdown...")
        (markdown output-buffer-name)
        (widen)
        (save-excursion
          (set-buffer output-buffer-name)
          (end-of-buffer)
          ;; add signature formatted as <pre>
          (insert "\n<pre>")
          (insert signature)
          (insert "</pre>\n")
          (markdown-add-xhtml-header-and-footer subject))
        (message "done the dirty work, re-inserting everything...")
        ;; restore signature
        (message-goto-signature)
        (insert signature)
        ;; wrap the body in MML tags: plain text first, then the HTML part
        (message-goto-body)
        (insert "<#multipart type=alternative>\n")
        (end-of-buffer)
        (insert "<#part type=text/html>\n")
        (insert-buffer output-buffer-name)
        (end-of-buffer)
        (insert "<#/multipart>\n")
        (let ((f (buffer-size (get-buffer output-buffer-name))))
          (message "appended HTML part (%s bytes)" f))))

For those who can't read elisp for breakfast, this does the following:

  1. parse the current email body as markdown, in a separate buffer
  2. make the current email multipart/alternative
  3. add an HTML part
  4. inject the HTML version in the HTML part

There's some nasty business with formatting the signature correctly by wrapping it in a <pre> that's going on there - I took that from Thunderbird as well.

(For those who do read elisp for breakfast, improvements and comments on the coding style are very welcome.)

The idea is that you write your email normally, but in markdown. When you're done writing that email, you launch the above function (carefully bound to "M-x anarcat/notmuch-html-convert" here) which takes that email and adds an equivalent HTML part to it. You can then even tweak that part to screw around with the raw HTML if you feel depressed or nostalgic.

What do people think? Am I insane? Could this work? Does this belong in notmuch? Or maybe in the tips section? Should I seek therapy? Do you hate markdown? Expand on the relationship between your parents and text editors.

Thanks for any feedback,

A.

PS: the above, naturally, could be adapted to parse the body as RST, asciidoc, texinfo, latex or whatever insanity you think would be more appropriate, I don't care. The idea is the same.

PPS: I remember reading about someone wanting to declare a text/markdown mimetype for email, and remembering it was all backwards and weird and I can't find the reference anymore. If some lazyweb magic person could forward the link to me I would be grateful.

[1]: one of so many: https://www.georgedillon.com/web/html_email_is_evil_still.shtml
[2]: https://en.wikipedia.org/wiki/Netscape_Communicator
[3]: yes my age is showing
[4]: to be fair, this article encouraged me quite a bit: https://blog.chaddickerson.com/2019/01/09/replacing-facebook/
[5]: not the bass guitar one, unfortunately
[6]: https://en.wikipedia.org/wiki/HTML_email#Adoption
[7]: https://trey-jackson.blogspot.com/2008/01/emacs-tip-8-markdown.html

I edited the original message to include the latest version of the script, which (unfortunately) lives in my private dotfiles git repository.

In the end, all that effort didn't quite do it: the image links would break in webmail when seen from Chromium. This is apparently intended behaviour: the problem was that I am embedding the username/password of the gallery in the HTTP URL, using in-URL credentials which is apparently "deprecated" even though no standard actually says so. So I ended up generating a full HTML version of the frigging email, complete with a link on top of the email saying "if this email doesn't display properly, click the following".
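The in-URL credential problem described above can be caught before a message is sent. The following is an added example, not part of the original post or its script: it scans an HTML mail part for `user:password@` URLs, reports them with the credentials removed, and marks which ones are fetched automatically as subresources (the case that broke) rather than followed as links. The sample HTML, host name and credentials are constructed.

```python
"""Pre-send check: find URLs with embedded credentials in an HTML mail part."""
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# One finding per offending URL; the credentials themselves are never stored.
Finding = namedtuple("Finding", "line tag attr clean_url subresource")

# Attributes that carry a single URL; srcset is handled separately.
URL_ATTRS = {"src", "href", "poster", "background"}
# URLs on these tags are navigations the reader clicks; everything else
# is loaded automatically when the message is displayed.
NAVIGATION_TAGS = {"a", "area"}


def strip_userinfo(url):
    """Return (clean_url, had_credentials) for an http(s) URL."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return url, False
    # mailto:user@host has no netloc, so it is not a false positive here.
    if parts.scheme not in ("http", "https", "") or "@" not in parts.netloc:
        return url, False
    # Everything before the last "@" in the authority is userinfo.
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit(parts._replace(netloc=host)), True


class CredentialURLFinder(HTMLParser):
    """Collects a Finding for every URL attribute that embeds credentials."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]  # line where the tag starts
        for attr, value in attrs:
            if not value:
                continue
            if attr == "srcset":
                # "url descriptor, url descriptor, ..."
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            elif attr in URL_ATTRS:
                urls = [value.strip()]
            else:
                continue
            for url in urls:
                clean, had_creds = strip_userinfo(url)
                if had_creds:
                    self.findings.append(
                        Finding(line, tag, attr, clean,
                                tag not in NAVIGATION_TAGS))


def scan_html(html):
    """Return the list of Findings for one HTML document."""
    finder = CredentialURLFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a newsletter body linking to a password-protected gallery.
SAMPLE_HTML = """\
<html><body>
<p>New pictures this month:</p>
<img src="https://reader:s3cret@gallery.example.org/2019/02/photo1.jpg">
<a href="https://reader:s3cret@gallery.example.org/2019/02/">full gallery</a>
<img src="https://gallery.example.org/public/logo.png">
<a href="mailto:someone@example.org">write back</a>
</body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        kind = "subresource" if f.subresource else "link"
        print(f"line {f.line}: <{f.tag} {f.attr}> embeds credentials "
              f"({kind}); without them: {f.clean_url}")
```
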

Now I remember why I dislike HTML email. Yet my readers were quite happy to see the images directly and I suspect most of them wouldn't click through on individual images to see each photo, so I think it's worth the trouble.

And now that I think about it, it feels silly not to post those updates on this blog now. But the gallery is private right now, and I think I'd like to keep it that way: it gives me more freedom to share more intimate pictures with people.

Using dtach instead of screen for my IRC bouncer

I have been using irssi in a screen session for a long time now. Recently I started thinking about simplifying that setup by setting up password-less authentication to the session, but also running it as a separate user. This was especially important to keep possible compromises of the IRC client limited to a sandboxed account instead of my more powerful user.

To further limit the impact of a possible compromise, I also started using dtach instead of GNU screen to handle my irssi session: irssi can still run arbitrary code, but at least you can't just open a new window in screen and need to think a little more about how to do it.

Eventually, I could make a profile in systemd to keep it from forking at all, although I'm not sure irssi could still work in such an environment. The change broke the "auto-away script" which relies on screen's peculiar handling of the socket to signify if the session is attached, so I filed that as a feature request.

Other work
Categories: External Blogs

LibreSignage Looking for Beta Testers, OpenNebula v. 5.8 "Edge" Now Available, New SPOILER Attack Affecting Intel CPUs Discovered, Bug Found in Android TV OS and GNU Linux-libre 5.0-gnu Released

Linux Journal - Tue, 03/05/2019 - 09:57

News briefs for March 5, 2019.

LibreSignage, "a FOSS digital signage solution for managing a network of digital signage clients...anything from small advertisement displays to larger commercial billboards", is looking for beta testers for LibreSignage v1.0.0: "If you'd like to try out the latest and greatest of LibreSignage development, you can pull the LibreSignage Docker image by pulling libresignage:v1.0.0-beta-1 from Docker Hub. The readme in the GIT repository contains further instructions on setting up and starting a container. Alternatively you can pull the v1.0.0-beta-1 tag from the GIT repository at https://github.com/eerotal/LibreSignage and build LibreSignage yourself."

OpenNebula recently released version 5.8 "Edge". This version is the fifth major release of the open-source cloud management software. New major features include support for LXD, automatic NIC selection, distributed data centers and scalability improvements. See the release notes for more information, and go here to download.

New "SPOILER" attack discovered affecting Intel's CPUs. Phoronix reports that researchers from Worcester Polytechnic Institute and University of Lubeck discovered the speculative attack and that "Intel was notified of this issue a few months ago but no software/hardware fix appears ready yet, while the researchers claim there might not be an effective software solution available at least anytime soon—and any mitigation would likely come at a performance cost, as we've seen with Spectre and Meltdown over the past year. AMD and ARM CPUs aren't believed to be impacted by SPOILER." See also "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks".

A bug in the Android TV OS has been found that could expose personal photos to others who own the same Android TV. According to Appuals, when Twitter user @wothadei "tried to access his Vu Android TV through the Google Home app, he could see the linked accounts of several other individuals who owned the same television. Unfortunately, however, this is not the only bug that he has discovered. The Twitter user found that he could view personal photos linked to the accounts of other owners of the Android TV device on Google Photos through the Ambient Mode screensaver settings."

GNU Linux-libre 5.0-gnu was released yesterday. Sources and tarballs are here.

Categories: Linux News

Programming Text Windows with ncurses

Linux Journal - Tue, 03/05/2019 - 08:00
by Jim Hall

How to use ncurses to manipulate your terminal screen.

In my article series about programming for the text console using the ncurses library, I showed you how to draw text on the screen and use basic text attributes. My examples of Sierpinski's Triangle (see "Getting Started with ncurses") and a simple Quest adventure game (see "Creating an Adventure Game in the Terminal with ncurses") used the entire screen at once.

But what if it makes more sense to divide the screen into portions? For example, the adventure game might divide the screen to use part of it for the game map and another portion of the screen for the player's status. Many programs organize the screen into multiple parts—for instance, the Emacs editor uses an editing pane, a status bar and a command bar. You might need to divide your program's display areas similarly. There's an easy way to do that, and that's with the windows functions in ncurses. This is a standard part of any curses-compatible library.

Simple Senet

You may associate "windows" with a graphical environment, but that is not the case here. In ncurses, "windows" are a means to divide the screen into logical areas. Once you define a window, you don't need to track its location on the screen; you just draw to your window using a set of ncurses functions.

To demonstrate, let me define a game board in an unexpected way. The ancient Egyptian game Senet uses a board of 30 squares arranged in three rows and ten columns. Two players move their pieces around the board in a backward "S" formation, so that the board looks like this:

     1  2  3  4  5  6  7  8  9 10
    20 19 18 17 16 15 14 13 12 11
    21 22 23 24 25 26 27 28 29 30

Without the windows functions, you'd have to keep track of the row and column for each piece and draw them separately. Since the board is arranged in a backward "S" pattern, you'll always need to do weird math to position the row and column correctly every time you update each square on the board. But with the windows functions, ncurses lets you define the squares once, including their position, and later refer to those windows by a logical identifier.

The ncurses function newwin() lets you define a text window of certain dimensions at a specific location on the screen:

Categories: Linux News

Linux Kernel 5.0 Is Officially Out, ReactOS 0.4.11 Released, Python 2.7.16 Now Available, Some Linux Mint Updates and Rancher Labs Launches K3s

Linux Journal - Mon, 03/04/2019 - 09:36

News briefs for March 4, 2019.

Linux kernel 5.0 is out. Linus writes, "We have more than a handful of real fixes in the last week, but not enough to make me go "Hmm, things are really unstable". In fact, at least two thirds of the patches are marked as being fixes for previous releases, so it's not like 5.0 itself looks bad." The merge window for 5.1 is now open.

ReactOS 0.4.11 was released today. This version includes substantial improvements to the kernel, storage, application start/stop, networking and more. See the official ChangeLog for all the details, and go here to download.

Python 2.7.16 was released yesterday. This is a bug-fix release, and you can get it here.

Linux Mint is getting a new website design and logo. The Linux Mint Blog describes the changes and gives a preview of what the team is working on. In addition, Cinnamon has received some performance improvements, and there also are improvements to the Mint Tools, such as automated removal of old kernels, inhibition of system shutdown/reboot during automated tasks, persistent rotated logs and more.

Rancher Labs has launched k3s, "a lightweight version of Kubernetes that weighs-in at only 40MB". According to Christine Hall's ITPro Today post, "The folks at Rancher are betting that K3s's smaller footprint will be valuable both for edge-based servers and even more constrained connected devices, i.e. anything from assembly line robots to smartphones to connected automobiles." For more information, and to download k3s, go here.

Categories: Linux News

By Jupyter--Is This the Future of Open Science?

Linux Journal - Mon, 03/04/2019 - 07:30
by Glyn Moody

Taking the scientific paper to the next level.

In a recent article, I explained why open source is a vital part of open science. As I pointed out, alongside a massive failure on the part of funding bodies to make open source a key aspect of their strategies, there's also a similar lack of open-source engagement with the needs and challenges of open science. There's not much that the Free Software world can do to change the priorities of funders. But, a lot can be done on the other side of things by writing good open-source code that supports and enhances open science.

People working in science potentially can benefit from every piece of free software code—the operating systems and apps, and the tools and libraries—so the better those become, the more useful they are for scientists. But there's one open-source project in particular that already has had a significant impact on how scientists work—Project Jupyter:

Project Jupyter is a set of open-source software projects that form the building blocks for interactive and exploratory computing that is reproducible and multi-language. The main application offered by Jupyter is the Jupyter Notebook, a web-based interactive computing platform that allows users to author documents that combine live code, equations, narrative text, interactive dashboard and other rich media.

Project Jupyter was spun-off from IPython in 2014 by Fernando Pérez. Although it began as an environment for programming Python, its ambitions have grown considerably. Today, dozens of Jupyter kernels exist that allow other languages to be used. Indeed, the project itself speaks of supporting "interactive data science and scientific computing across all programming languages". As well as this broad-based support for programming languages, Jupyter is noteworthy for its power. It enables users to create and share documents that contain live code, equations, visualizations and narrative text. Uses include data cleaning and transformation, numerical simulation, statistical modeling, data visualization and machine learning.

Categories: Linux News

Weekend Reading: FOSS Projects

Linux Journal - Sat, 03/02/2019 - 08:15
by Carlie Fairchild

Linux Journal's FOSS Project Spotlights provide an opportunity for free and open-source project team members to show Linux Journal readers what makes their project compelling. Join us this weekend as we explore some of the latest FOSS projects in the works.

FOSS Project Spotlight: Mender.io, an Open-Source Over-the-Air Software Update Manager for IoT Devices

by Ralph Nguyen

Mender is an open-source (Apache 2.0) project to address over-the-air (OTA) software update management for Linux-based IoT devices.

FOSS Project Spotlight: Nitrux, a Linux Distribution with a Focus on AppImages and Atomic Upgrades

by Nitrux Latinoamericana S.C.

Nitrux is a Linux distribution with a focus on portable, application formats like AppImages. Nitrux uses KDE Plasma 5 and KDE Applications, and it also uses our in-house software suite Nomad Desktop.

FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid

by Matthias Pfau

Seven years ago, Tutanota was being built, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, the Tutanota team felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon.

FOSS Project Spotlight: LinuxBoot

by David Hendricks

Linux as firmware.

The more things change, the more they stay the same. That may sound cliché, but it's still as true for the firmware that boots your operating system as it was in 2001 when Linux Journal first published Eric Biederman's "About LinuxBIOS". LinuxBoot is the latest incarnation of an idea that has persisted for around two decades now: use Linux as your bootstrap.

FOSS Project Spotlight: CloudMapper, an AWS Visualization Tool

by Scott Piper

Duo Security has released CloudMapper, an open-source tool for visualizing Amazon Web Services (AWS) cloud environments.

Categories: Linux News

The Single-Board Computers Issue

Linux Journal - Fri, 03/01/2019 - 11:30
by Bryan Lunduke

When I was a child in the 1980s, I had a computer—a very 1980s computer.

It had a hefty, rectangular, grey case made of some sort of industrial sheet metal. Two plain (but rather large), square buttons adorned the front, begging to be pressed: "Reset" and "Turbo". On the right side of the case, far in the back (nearly out of reach), sat an almost comically large, red power switch. It was the kind of lever that would look right at home in an action movie—used to cut the electricity to all of New York City.

When you "threw the switch", the PC turned on with a deeply satisfying, soul-reverberating, "ka-THUNK".

Inside, sat an Intel 286 CPU decked out with 640k of RAM, which, as some unnamed person may or may not have said, "ought to be enough for anybody". For mass storage, it had a big, double tall hard drive. The connection for this drive wasn't SATA, or SCSI, or even IDE. We're talking about an MFM connection here, baby (MFM stands for Modified Frequency Modulation). As a child, I simply assumed MFM had something to do with the fact that you could hear the hard drive spinning up from down the street.

I kid, I kid. You couldn't actually hear the hard drive—not over the roar of the fan in the power supply.

It was, to say the least, a beast—beastly in size, beastly in power usage and beastly in price.

Flash-forward [counts on fingers, gets depressed at own age, downs a pint of ice cream, resumes writing article] 35 years later. We now have single-board computers (SBCs) with no fans—heck, no moving parts whatsoever—running completely silently.

These SBCs have several hundred times (in some cases, several thousand times) the RAM. Ditto for storage. With significantly faster networking (including wireless, which wasn't even a thing on that old 286) and processing speed that, even among the slowest SBCs, is so much faster, it's almost mind-boggling.

All of this is contained within a physical size often smaller than a credit card and at a price somewhere roughly between one hamburger and...a couple more hamburgers.

These small, silent, low-power, low-cost computers have changed things. They've made general-purpose computing more affordable (and durable), bringing down costs in data centers and allowing solo makers and small companies to create computer-driven hardware projects that would have been nearly impossible to tackle in days gone by.

Here in 2019, we've even got a whole heaping helping of SBCs from which to choose: Arduino, BeagleBoard, Gumstix, ODROID, Pine64, Raspberry Pi—the list goes on and on. We are spoiled for choices.

Categories: Linux News

New Crypto-mining Group Targeting Linux Servers, Creative Commons Holding a 24-Hour Web-a-thon for Open Education Week, Canonical Announces Support for Containerd, JDK Mission Control Now Available in Fedora 29 and Google Is Speeding Up the Back Button

Linux Journal - Fri, 03/01/2019 - 09:49

News briefs for March 1, 2019.

A new crypto-mining group is targeting Linux servers. According to ZDNet, the attackers, called Pacha Group, are believed to be from China and have been attacking Linux servers since this past fall, inserting malware that mines cryptocurrency. Security researchers at Intezer discovered that the attackers "use brute-force attacks to compromise services like WordPress or PhpMyAdmin, and once they have an initial foothold, they escalate their access to the underlying server, where they deploy their malware, which Intezer has named Linux.GreedyAntd." See the Intezer Blog for more details.

Canonical yesterday announced support for containerd in the 1.14 releases of Charmed Kubernetes and Microk8s. Carmine Rimi, product manager for Kubernetes at Canonical, says "Containerd has become the industry-standard container runtime focused on simplicity, robustness and portability. Enabling Kubernetes to drive containerd directly reduces the number of moving parts, reduces latency in pod startup times, and improves CPU and memory usage on every node in the cluster." Containerd's GitHub page is here.

JDK Mission Control is now available as a module in Fedora 29. JDK Mission Control is a profiling app for HotSpot JVMs, and it "has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder (JFR). JMC requires JDK 8 or later."

Creative Commons announces a 24-hour Web-a-thon to be held on March 5–6 (depending on your time zone) as part of Open Education Week: "We have amazing speakers from around the world presenting in multiple languages. Experts from Algeria, Nigeria, Argentina, South Africa, Italy, Chile, United Kingdom, Afghanistan, United States, Ireland, Sweden, Canada and Poland will present their open education projects." Sessions will be here. See this post for the presentation schedule.

Google is speeding up the back button with Chrome's new "back/forward" cache. Ars Technica reports that Chrome's new bfcache "lets the browser capture the entire state of a running page—including scripts that are in the middle of execution, the rendered images, and even the scroll position—and reload that state later. With bfcache, rather than having to reload the page from scratch, the page will look as if it was paused when you clicked a link to a new page and subsequently resumed when you hit back."

Categories: Linux News

Mozilla Releases Common Voices, KStars v3.1.0 Is Out, LibreELEC 9.0.1 (Leia) Now Available, System76's New Oryx Pro Laptops Slated to Arrive and Security Flaw in Google Chrome

Linux Journal - Thu, 02/28/2019 - 09:31

News briefs for February 28, 2019.

Mozilla today released Common Voices, the "largest to-date public domain transcribed voice dataset". The dataset includes 18 languages and almost 1,400 hours of recorded voice from more than 42,000 people. From the Mozilla blog: "With this release, the continuously growing Common Voice dataset is now the largest ever of its kind, with tens of thousands of people contributing their voices and original written sentences to the public domain (CC0). Moving forward, the full dataset will be available for download on the Common Voice site."

KStars v3.1.0 was released today, marking the first release of 2019. This release focuses on stability and performance improvements: for example, it fixes some bugs in the Ekos Scheduler, adds Ring-Field Focusing to the Focus module, and enables zooming and panning in the LiveView window for supported DSLR cameras. See Jasem's Ekosphere blog for all the details, and go here for download links and other resources.

LibreELEC 9.0.1 (Leia) is now available. This release of the Linux-based open-source operating system for embedded devices "contains many changes and refinements to user experience and a complete overhaul of the underlying OS core to improve stability and extend hardware support. Kodi v18 also brings new features like Kodi Retroplayer and DRM support that (equipped with an appropriate add-on) allows Kodi to unofficially stream content from services like Netflix and Amazon." In addition, "Changeable SSH passwords and a default firewall configuration have been added to combat the increasing number of HTPC installs that can be found on the public internet." Go here to download.

System76's new Oryx Pro laptop with RTX 20-Series GPUs is slated to arrive today. Features include "super thin aluminum alloy design, switchable NVIDIA and Intel GPUs, performance 8th-gen CPUs, 15" and 17" IPS display options and up to 32GB of memory", and comes with Pop!_OS 18.04 LTS (64-bit) or Ubuntu 18.04 LTS (64-bit) for the OS.

Softpedia News reports that the security flaw discovered by EdgeSpot is "already being exploited in the wild and an official fix would only be released by Google in late April." In addition, "The PDF documents do not appear to leak any personal information when opened in dedicated PDF readers like Adobe Reader. However, it seems the malicious code specifically targets a vulnerability in Google Chrome, as opening them in the browser triggers outbound traffic to one of two different domains called burpcollaborator.net and readnotify.com." To protect yourself, don't open any PDFs in Google Chrome, especially from untrusted sources.

Categories: Linux News

Indie Makers Using Single-Board Computers

Linux Journal - Thu, 02/28/2019 - 09:31
by Bryan Lunduke

Possibly the most amazing thing, to me, about single board computers (SBCs) is that they allow small teams of people (and even lone individuals) to create new gadgets using not much more than SBCs and 3D printers. That opportunity for makers and small companies is absolutely astounding.

Two such projects have really caught my attention lately: the Noodle Pi and the TinyPi.

The Noodle Pi is a simple, handheld computer (about the size of a deck of playing cards). And, when I say simple, I mean simple. It's got a micro-USB charging port, another for plugging in USB devices, a touch screen and a battery. Think of it like an old-school PDA without any buttons (other than a small power toggle) and the ability to run a full Linux-based desktop.

Figure 1. The Credit-Card-Sized, Pi Zero-Powered, Noodle Pi

The TinyPi is a gaming handheld. And, believe it or not, it's even smaller than the Noodle Pi, with a tiny screen and tiny buttons. This is the sort of handheld game console you could put on a keychain.

Figure 2. The Impossibly Small TinyPi (Banana for Scale)

Both of these are built on top of the (super-tiny and super-cheap) Raspberry Pi Zero. And, both are built by lone individuals with a heavy reliance on 3D printers.

I wanted to know how they did it and how their experience was. What can we learn from these independent gadget makers? So, I reached out to both of them and asked them each the same questions (more or less).

Let's start with a chat with Pete Barker (aka "pi0cket"), maker of the TinyPi.

Interview with Pete Barker (pi0cket), TinyPi Maker

Bryan Lunduke: Could you give a quick overview of the TinyPi?

Pete Barker: TinyPi is (unofficially) the world's smallest pi-based gaming device. It started life as a bit of a joke—"how small can i make this?"—but it actually turned into something pretty good. The Pro version added more features and improvements, and a kickstarter was funded on December 30, 2018. Manufacturing is already underway, and the early-bird backers should start getting the kits in February 2019.

Figure 3. The parts of the TinyPi—the Smallest Handheld Game Console I Can Possibly Imagine

Categories: Linux News

KDE Participating in Google Summer of Code 2019, MariaDB Releasing New Open-Source MariaDB Enterprise Server, CentOS Celebrates 15th Birthday, Cmd Is a New Security Tool for Linux and Red Hat Announces Red Hat Certified Architect Program in Telco Cloud

Linux Journal - Wed, 02/27/2019 - 09:40

News briefs for February 27, 2019.

KDE announces it's been selected to participate in the Google Summer of Code for the 14th year. See the KDE Community Wiki for ideas and instructions for students interested in working with KDE for GSoC 2019.

MariaDB announced it is releasing a new version of its MySQL-compatible database management system called MariaDB Enterprise Server 10.4. ZDNet reports that "This new business server comes with more powerful and fine-grained auditing, faster, highly reliable backups for large databases, and end-to-end encryption for all data at rest in MariaDB clusters." The MariaDB Enterprise Server will be available in the second quarter of this year and will be fully open source.

CentOS is celebrating its 15th birthday. As part of its birthday celebrations, the CentOS blog wants to talk with those who "were involved in the early days, as well as some that have joined later on, to talk about how and why people get involved in this project". If you're interested in telling your story, contact rbowen@centosproject.org for an interview.

Cmd is a new security tool for Linux. According to Network World, "It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems." It is designed for the cloud and monitors user activity "by forming user activity profiles (characterizing the activities these users generally perform), noticing abnormalities in their online behavior (login times, commands used, user locations, etc.), and preventing and reporting certain activities (e.g., downloading or modifying files and running privileged commands) that suggest some kind of system compromise might be underway. The product's behaviors are configurable and changes can be made rapidly."

Red Hat today announced the Red Hat Certified Architect Program in Telco Cloud, "a new training and certification program emphasizing the next-generation of telecommunications innovation". The program "focuses on the skills that telecommunications engineers need to build network functions virtualization (NFV) clouds, critical technologies that can help drive advanced services like 5G."

Categories: Linux News

Privacy, Mine: the Right of Individual Persons, Not of the Data

Linux Journal - Wed, 02/27/2019 - 08:15
by Augustine Fou

 

“For true, lasting privacy, we must shift from the ‘privacy policies’ of companies, which spring from data protection laws, to the ‘privacy’ of individual persons, as contemplated by human rights laws.”

How do we accomplish this shift?

TL;DR (in summary)

  • Privacy pertains to the person; “privacy” is the state of being free from public attention and unwanted intrusion.
  • Data is not privacy, but data from or about a person can be private or not private depending on how it’s used, who is using it and who has control of it.
  • In the digital world, a person’s privacy policy is like the clothing that one puts on to signal what data they consider private and what is not private.
  • The companies (sites, apps and so on) that respect a person’s privacy will build relationships with that person over time.
  • The accumulation of trust over time incentivizes good behavior by both parties, to preserve value and not lose it instantly.

We live in the age of surveillance marketing, where consumers’ privacy is being violated without their knowledge, consent or recourse. Data from and about consumers is collected en masse by ad-tech companies and traded for profit. But few consumers know about it until things blow up, like the Cambridge Analytica/Facebook scandal. Most consumers think they are interacting with the sites they’re visiting or the apps (like Facebook) they’re using, but they aren't aware of the dozens of hidden ad-tech trackers that siphon their data off to other places or the aggressive data collection and cross-device tracking of apps. Not only are they not aware, they also definitely did not give consent to third parties to use, buy and sell their data. They wouldn’t even know who ABCTechCompany was anyway if it asked for consent.

Consent Is Not the Same as Permission, But Consumers Are Tricked Anyway

Categories: Linux News

Eclipse IoT Milestones, Bare-Metal Cloud Computing Risk, Purism Announces PureBoot, Go 1.12 Released, and Qualcomm and Thundercomm Launched a Robotics RB3 Platform that runs Linux with Robot Operating System

Linux Journal - Tue, 02/26/2019 - 09:28

News briefs for February 26, 2019.

The Eclipse Foundation this morning announced that Eclipse IoT, "a leading collaboration of vendors working together to define an open, modular architecture to accelerate commercial IoT adoption", has reached "3 million lines of code, 41 member companies, 37 IoT projects and 350 contributors". See the Eclipse IoT website for more on how "Eclipse IoT is the open source center of gravity for IoT". Eclipse IoT also wants to hear your thoughts and invites you to take its 2019 IoT Developer Survey.

A Supermicro hardware vulnerability allows researchers to backdoor an IBM cloud server. According to the Ars Technica story, other bare-metal cloud computing providers also may be at risk of BMC (baseboard management controller) attacks. See also security firm Eclypsium's paper "The Missing Security Primer for Bare Metal Cloud Services" for more details.

Purism yesterday announced PureBoot, its "collection of software and security measures designed for you to protect the boot process, while still holding all the keys". PureBoot has six components: neutralized and disabled Intel management engine, the coreboot free software BIOS replacement, a Trusted Platform Module (TPM) chip, Heads (the tamper-evident boot software), the Librem Key (USB security token) and multifactor authentication. For more details, see the PureBoot documentation.

The Go team announced the release of Go 1.12 yesterday. Highlights of this new version of the Go programming language include opt-in support for TLS 1.3, improved modules support, and improved macOS and iOS forward compatibility. See the release notes for all the changes in Go 1.12, and download Go from here.

Qualcomm and Thundercomm launched a Robotics RB3 Platform that runs Linux with Robot Operating System (ROS) on the Snapdragon 845. Linux Gizmos reports that the kit costs $449 and "also includes a Qualcomm Robotics navigation mezzanine board that supports time-of-flight, tracking, active stereo, and 4K-ready main cameras". See Qualcomm's RB3 page and Thundercomm's RB3 page for more information.

Categories: Linux News

Beaker: the Decentralized Read-Write Browser

Linux Journal - Tue, 02/26/2019 - 08:00
by Michael McCallister

The best future of the internet may be peer-to-peer. The Beaker Browser offers a glimpse.

When Tim Berners-Lee invented the World Wide Web, he envisioned a single software package that allowed everyone to create and read pages across the internet. Much has happened in the intervening years, but this idea is starting to come back.

Many of the web's founders now realize that they didn't sign up for a web dominated by a few giant corporations relying on collecting massive amounts of data on its users to sell to advertisers.

The Beaker Browser project is creating a decentralized peer-to-peer web browser that, if successful, could return the web to its users. Let's explore how this is done!

Guiding Principles

Beaker Browser serves as a bridge to a possible future for the web—and the internet. You can use Beaker today to surf the web like any other Chromium-based browser. More important, you also can use Beaker to create and support a new, decentralized, server-less internet.

Beaker Browser uses a peer-to-peer network protocol called Dat to create a decentralized web platform. Websites spread from people seeding them, BitTorrent-style. When following news and discussions about the decentralized web, you'll often hear about blockchain as an underlying basis. The Beaker team thinks that blockchain negotiations and "proof of work" requirements unnecessarily slow down the web. It's better to build "communities of trust" among peers than to try to eliminate trust altogether.

Centralized servers, internet service providers and web hosting firms restrict the options for users to collaborate with one another to build a better world. Comcast, AT&T and cable companies seek to end the principle of net neutrality to narrow the content choices users have always made on their own. At the same time, Facebook, Amazon, Google and other giant content corporations seek to keep us locked inside their respective walled gardens, persuading us that they have all the content we'll ever need. There's no need to visit the open internet. Both sides of this corporate clash do this to maximize profits for themselves.

Users deserve better, and Linux users want all the choices.

Explaining Dat

The Dat Project describes itself as "Modeled after the best parts of Git, BitTorrent, and the internet, the Dat protocol is a peer-to-peer protocol for syncing files and data across distributed networks."

Dat began as a file-sharing protocol, designed to allow users to store and share encrypted files without using centralized services like Dropbox. With the Dat Desktop app, you can make any folder on your system use the Dat protocol. Every file in that folder is encrypted with a private key. Dat also allows for storing version information for each file shared on the network.

Categories: Linux News

New large hard drive and 8-year old server anniversary

Anarcat - Mon, 02/25/2019 - 12:59

It's the "installation birthday" of my home server on February 22nd:

/etc/cron.daily/installation-birthday:

                  0   0
                  |   |
              ____|___|____
           0  |~ ~ ~ ~ ~ ~|   0
           |  |           |   |
        ___|__|___________|___|__
        |/\/\/\/\/\/\/\/\/\/\/\/|
    0   |       H a p p y       |   0
    |   |/\/\/\/\/\/\/\/\/\/\/\/|   |
   _|___|_______________________|___|__
  |/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/|
  |                                   |
  |        B i r t h d a y! ! !       |
  | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ |
  |___________________________________|

Congratulations, your Debian system "marcos" was installed
8 year(s) ago today!

Best wishes,

Your local system administrator

I can't believe this machine I built 8 years ago has been running continuously all that time. That is far, far beyond the usual 3 or 5 year depreciation period set in most organizations. It goes to show how some hardware can be reliable in the long term.

I bought yet another new drive to deal with my ever-increasing disk use. I got a Seagate IronWolf 8TB ST8000VN0022 at Canada Computers (CC) for 290$CAD. I also bought a new enclosure, a transparent Orico enclosure which is kind of neat. I previously bought this thing instead; it was really hard to fit the hard drive in because the bottom was misaligned: you had to lift the drive slightly to fit it in the SATA connector. Even the salesman at CC couldn't figure it out. The new enclosure is a bit better, but also doesn't quite close correctly when a hard drive is present.

Compatibility and reliability

The first 8TB drive I got last week was DOA (no, not that DOA): it was "clicking" and wasn't detected by the kernel. CC took it back without questions, after they were able to plug it into something. I'm not sure that's a good sign for the reliability of that drive, but I have another running in a backup server and it has worked well so far.

I was happily surprised to see the new drive works with my old Asus P5G410-M motherboard. My previous attempt at connecting this huge drive into older equipment failed in a strange way: when connected in a Thermaltake USB-SATA dock, it would only be recognized as 4TB. I don't remember if I tried to connect it inside the server, but I do remember connecting it to curie instead which was kind of a mess. So I'm quite happy to see the drive works even on an old SATA controller, a testament to the backwards-compatibility requirements of the standard.

Setup

Of course, I used a GUID Partition Table (GPT) because MBR (Master Boot Record) partition tables are limited to 2TiB. I have learned about parted --align optimal to silence the warnings when creating the device:

parted /dev/sdc mklabel gpt
parted -a optimal /dev/sdc mkpart primary 0% 8MB
parted -a optimal /dev/sdc mkpart primary 8MB 100%

I have come to like to call parted without going into its shell. It's clean and easy to copy paste. It also makes me wonder why the Debian installer bothers with that complicated partition editor after all...

I have encrypted the drive using Debian stretch's LUKS default, but I have given special attention to the filesystem settings, given the drive is so big. Here's the command line I ended up using:

mkfs -t ext4 -j -T largefile -i 65536 -m 1 /dev/mapper/8tb_crypt

Here are the details of each bit:

  • ext4 - I still don't trust BTRFS enough, and I don't need the extra features

  • -j - journaling, probably default, but just in case

  • -T largefile - this is where things get interesting. the mkfs manpage says that -b -1 is supposed to tweak the block size according to the filesystem size, but mkfs refuses to parse this, so I had to use the -T setting. but it turns out that didn't change the block size anyways, which is still at the eternal 4KiB

  • -i 65536 ("64 KiB per inode" ratio) - the default mkfs setting would have allowed for around five hundred million (488 281 250) inodes on this disk. given that I have less than a million files to store on there so far, that seemed totally overkill, so I bumped it up.

  • -m - don't reserve as much space for root, as default (5%) would have reserved 400GB. 1% is still too big (80GB), but I can reclaim the space later with tune2fs -m 0.001 /dev/mapper/8tb_crypt. it gives me a good "heads up" before it's time to change the drive again. besides, it's not possible to pass lower, non-zero values to mkfs, strangely

Benchmarks

I performed a few benchmarks. It looks like the disk can easily saturate the SATA bus, which is limited to 150MB/s (1.5Gbit/s unencoded):

root@marcos:~# dd bs=1M count=512 conv=fdatasync if=/dev/zero of=/mnt/testfile
512+0 enregistrements lus
512+0 enregistrements écrits
536870912 bytes (537 MB, 512 MiB) copied, 3,4296 s, 157 MB/s
root@marcos:~# dd bs=1M count=512 if=/mnt/testfile of=/dev/null
512+0 enregistrements lus
512+0 enregistrements écrits
536870912 bytes (537 MB, 512 MiB) copied, 0,367484 s, 1,5 GB/s
root@marcos:~# hdparm -Tt /dev/sdc

/dev/sdc:
 Timing cached reads: 2514 MB in 2.00 seconds = 1257.62 MB/sec
 Timing buffered disk reads: 660 MB in 3.00 seconds = 219.98 MB/sec

A SMART test succeeded after 20 hours. Transferring the files over from the older disk took even longer: at 3.5TiB used, it's quite a lot of data and the older disk does not yield the same performance as the new one. rsync seems to show numbers between 40 and 50MB/s (or MiB/s?), which means the entire transfer takes more than a day to complete.

I have considered setting up the new drive as a degraded RAID-1 array to facilitate those transfers but it doesn't seem to be worth the trouble: this will yield warnings in a few places, adds some overhead (including scrubbing, for example) and might make me freak out for nothing in the future. This is a single drive, and will probably stay that way for the foreseeable future.

The sync is therefore made with good old rsync:

rsync -aAvP /srv/ /mnt/

Some more elaborate tests performed with fio also show that random read/write performance is somewhat poor (<1MB/s):

root@marcos:/srv# fio --name=stressant --group_reporting --directory=test --size=100M --readwrite=randrw --direct=1 --numjobs=4
stressant: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=psync, iodepth=1
...
fio-2.16
Starting 4 processes
stressant: Laying out IO file(s) (1 file(s) / 100MB)
stressant: Laying out IO file(s) (1 file(s) / 100MB)
stressant: Laying out IO file(s) (1 file(s) / 100MB)
stressant: Laying out IO file(s) (1 file(s) / 100MB)
Jobs: 2 (f=2): [_(2),m(2)] [99.4% done] [1097KB/1305KB/0KB /s] [274/326/0 iops] [eta 00m:02s]
stressant: (groupid=0, jobs=4): err= 0: pid=10161: Mon Feb 25 12:51:21 2019
  read : io=205352KB, bw=586756B/s, iops=143, runt=358378msec
    clat (usec): min=145, max=367185, avg=23237.22, stdev=24300.33
     lat (usec): min=145, max=367186, avg=23238.42, stdev=24300.31
    clat percentiles (usec):
     | 1.00th=[ 450], 5.00th=[ 3792], 10.00th=[ 6816], 20.00th=[ 9408],
     | 30.00th=[12608], 40.00th=[14912], 50.00th=[17280], 60.00th=[19328],
     | 70.00th=[22656], 80.00th=[27264], 90.00th=[46848], 95.00th=[69120],
     | 99.00th=[123392], 99.50th=[148480], 99.90th=[238592], 99.95th=[272384],
     | 99.99th=[329728]
  write: io=204248KB, bw=583601B/s, iops=142, runt=358378msec
    clat (usec): min=164, max=322970, avg=4646.01, stdev=10840.13
     lat (usec): min=165, max=322971, avg=4647.36, stdev=10840.16
    clat percentiles (usec):
     | 1.00th=[ 195], 5.00th=[ 227], 10.00th=[ 251], 20.00th=[ 310],
     | 30.00th=[ 378], 40.00th=[ 494], 50.00th=[ 596], 60.00th=[ 2832],
     | 70.00th=[ 6176], 80.00th=[ 8896], 90.00th=[12480], 95.00th=[15552],
     | 99.00th=[22400], 99.50th=[33024], 99.90th=[199680], 99.95th=[234496],
     | 99.99th=[272384]
    lat (usec) : 250=4.86%, 500=16.18%, 750=7.01%, 1000=1.45%
    lat (msec) : 2=0.91%, 4=3.69%, 10=19.06%, 20=27.09%, 50=15.04%
    lat (msec) : 100=3.51%, 250=1.14%, 500=0.05%
  cpu : usr=0.11%, sys=0.27%, ctx=103127, majf=0, minf=31
  IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
     submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     issued : total=r=51338/w=51062/d=0, short=r=0/w=0/d=0, drop=r=0/w=0/d=0
     latency : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
   READ: io=205352KB, aggrb=573KB/s, minb=573KB/s, maxb=573KB/s, mint=358378msec, maxt=358378msec
  WRITE: io=204248KB, aggrb=569KB/s, minb=569KB/s, maxb=569KB/s, mint=358378msec, maxt=358378msec

Disk stats (read/write):
    dm-6: ios=51862/51241, merge=0/0, ticks=1203452/250196, in_queue=1453720, util=100.00%, aggrios=51736/51295, aggrmerge=168/61, aggrticks=1196604/246444, aggrin_queue=1442968, aggrutil=100.00%
  sdb: ios=51736/51295, merge=168/61, ticks=1196604/246444, in_queue=1442968, util=100.00%

I am still, overall, quite happy with those results.

Categories: External Blogs

Linux Kernel 5.0-rc8 Released, Git v2.21.0 Now Available, 1TB MicroSD Cards Are in the Works, Sprint Launching 5G Service in Four Cities Soon, Emergency Point Release for Ubuntu 16.04.6

Linux Journal - Mon, 02/25/2019 - 09:27

News briefs for January 25, 2019.

Linux kernel 5.0-rc8 was released yesterday. Linus writes "This may be totally unnecessary, but we actually had more patches come in this last week than we had for rc7, which just didn't make me feel the warm and fuzzies. And while none of the patches looked all that scary, some of them were to pretty core files, so it wasn't all just random rare drivers (although those kinds also existed). So I agonized about it a bit, and then decided to just say 'no hurry' and make an rc8. And after I had tagged the rc, I noticed a patch in my inbox that I had missed that was a regression from one of the very patches this last week, so that made me feel like rc8 was the right decision."

Git v2.21.0 is now available. New features include human-readable dates, detecting case-insensitive path collisions, multi-pack indexes, delta islands and more. See the GitHub Blog for details on the new features.

1-terabyte microSD cards are now available. The Verge reports that Micron and Western Digital's SanDisk both announced UHS-I microSDXC products at Mobile World Congress. The SanDisk card will be available in April for $449.00. No information yet on the pricing or availability of the Micron card.

Also at Mobile World Congress, Sprint announced it will be launching 5G service in Atlanta, Chicago, Dallas and Kansas City in May 2019, and then in Houston, Los Angeles, New York City, Phoenix or Washington D.C. by the end of June 2019. See the TechCrunch post for more info on the 5G coverage.

An unplanned point release for Ubuntu 16.04.6 is in the works. According to the release announcement, "In the light of the recently discovered and fixed apt vulnerability, we have decided to re-build all our supported isos that could be potentially affected. We did not plan for another xenial point-release but oh well, what can you do. Security is important." The release will be available February 28th.

Categories: Linux News

Some (Linux) Bugs Have All the Fun

Linux Journal - Mon, 02/25/2019 - 07:30
by Bryan Lunduke

Bugs happen.

Every minute of every hour of every day, software bugs are hard at work, biting computer users in the proverbial posterior. Many of them go unnoticed (the bugs, not the posteriors). More still rise to the illustrious level of "bugs that are minor annoyances".

Yet sometimes, when the stars align just so, a bug manifests itself in a truly glorious way. And when I say "glorious", I mean "utterly destructive and soul-obliterating". Nowhere are these bugs more insidious than when they are within the operating systems (and key components) themselves.

Case in point: an October 2018 bug in an update for Windows 10 caused entire user folders to be deleted. Documents? Gone. Pictures? Like they never existed at all. This was a singular OS update that vaporized files from low-Earth orbit.

After that bug impacted roughly 1,500 Windows 10 users—before it even hit widespread distribution—Microsoft pulled the update entirely.

Then, after the engineering team in Redmond thoroughly tested and fixed this gnarly bug, they did the only obvious thing: re-release the system update—with another file-destroying issue. This time it was in their un-zip functionality. More files lost to the sands of time.

Seriously. That actually happened.

Things aren't necessarily that much better over in Apple land, either.

A little more than a year ago—at the end of November 2017—a bug occurred in Mac OS X (yeah, I know they've renamed it "macOS", but I'm stubborn and I'll call it what I want) that allowed anyone to gain root access to any Macintosh (running the latest version of the OS) by following these extremely complex steps:

  1. Turn on a Macintosh.
  2. Type root as the user name and leave the password blank.
  3. Press Enter.

I know. I know. That'll be hard to remember, right?

To Apple's credit, the company did manage to release a system update rather quickly, thus minimizing the potential damage. But, just the same, I'd say that one calls for a "yikes"—possibly even an "oh, dear".

As satisfying as it is to make fun of Microsoft and Apple—and, boy howdy, is it ever—we in the Linux (and general Free and Open-Source Software world) are not immune from highly embarrassing, crazy destructive bugs and security vulnerabilities.

What follows are two that I find rather interesting. One is a remote exploit that had serious ramifications. The other is a local security bug that, well, I find amusing.

Note: there are lots of bugs—more than can likely be cataloged—in every system on the planet. These are just the two that I picked.

For the first one, let's travel back to the year 2014—September 24th, to be precise. Taylor Swift and Meghan Trainor were dominating the radio. The Guardians of the Galaxy were busy doing their galaxy-guarding thing.

Categories: Linux News

Redis Labs Changing Its Licensing for Redis Modules Again, Raspberry Pi Rolling Out the Linux 4.19 Kernel, Windows Subsystem for Linux Updates Coming, Facebook Removing Its Spyware Onavo VPN from the Google Store and openSUSE Leap 15.1 Beta Pizza Party

Linux Journal - Fri, 02/22/2019 - 09:16

News briefs for February 22, 2019.

Redis Labs has changed its licensing for Redis Modules again. According to TechCrunch, the new license is called the Redis Source Available license, and as with the previous Commons Clause license, applies only to certain Redis Modules created by Redis Labs. With this license, "Users can still get the code, modify it and integrate it into their applications—but that application can't be a database product, caching engine, stream processing engine, search engine, indexing engine or ML/DL/AI serving engine." The TechCrunch post notes that by definition, an open-source license can't enforce limitations, so this new license technically isn't open source. It is, however, similar to other "permissive open-source licenses", which "shouldn't really affect most developers who use the company's modules".

Raspberry Pi has started rolling out the Linux 4.19 kernel. According to Phoronix, RPi is moving from kernel 4.14 to the 4.19 long-term support release. This change marks about a year of updates, and as Phoronix notes, "For Linux 4.19 alone on the Raspberry Pi front was updates to its voltage driver, under-voltage issue reporting, and the VC4 DRM changes we see each cycle. Over the span of 4.14 to 4.19 are a lot of improvements upstream and now less patches that need to be re-based and carried by the Raspberry Pi crew."

The Windows 10 April Update will let you access Linux files from Windows. ZDNet quotes Craig Loewen, a Microsoft programming manager, on the updates to Windows Subsystem for Linux (WSL): "The next Windows update is coming soon and we're bringing exciting new updates to WSL with it! These include accessing the Linux file system from Windows, and improvements to how you manage and configure your distros in the command line."

Facebook to take its spyware Onavo VPN app off the Google Store. TechCrunch reports that following TechCrunch's investigation into the app and how it "sucked up data about teens" and the ensuing backlash, the "app will eventually shut down, and will immediately cease pulling in data from users for market research though it will continue operating as a Virtual Private Network in the short-term to allow users to find a replacement."

The openSUSE Leap release manager has announced that Leap 15.1 has entered the Beta phase this week, and now it's time for a Beta Pizza Party. Geeko in Nuremberg is holding a Beta Pizza Party on March 1st for testing. If you're not in Nuremberg, visit the wiki for details on how to hold your own and test away. You can download the Beta from here.

Categories: Linux News

Taking System Monitoring to the Next Level: an Interview with Scalyr CEO Steve Newman

Linux Journal - Fri, 02/22/2019 - 08:00
by Petros Koutoupis

As computing ecosystems become more complex, monitoring and analyzing those often disconnected moving parts becomes increasingly challenging.

Today's data center has evolved from a single supplier producing and selling all-in-one offerings, such as the days when EMC, NetApp, HP or even Sun owned your data center and you chose a vendor and stuck with it. Those same vendors provided you with the required tools to monitor, analyze and troubleshoot their entire stack.

Shifting focus to the present, the landscape now appears to be quite different. Instead, you will find environments of mixed offerings provided by an assortment of vendors, both large and small. Proprietary machines work side by side with off-the-shelf commodity devices hosting software-defined software. Half of your applications may be hosted in virtual machines over a hypervisor or just spun up in a container. How does a modern data-center administrator or DevOps professional manage such an environment?

An assortment of platforms and frameworks exist that provide such capabilities, but they're not all one and the same. In some cases, those same tools will need to be coupled with others to produce something useful (for example, ELK: Elasticsearch + Logstash + Kibana). Unfortunately, this arrangement just adds to the complication and frustration when attempting to diagnose or discover problems in your computing environment.

Putting an end to this level of complexity, one company stands out among the rest: Scalyr. Scalyr develops and offers a complete suite of server monitoring, log management, visualization and analysis tools, which integrate with cloud services. I recently had the pleasure of chatting with Scalyr CEO Steve Newman.

His is not a household name, like Steve Jobs or Bill Gates, but you will be familiar with his work and contributions to cloud-enabled technologies. Although this is likely to change with Scalyr, Steve is best known for his work with Writely, a technology that later was acquired by Google and relabeled as Google Docs. In our conversation, Steve and I took the opportunity to discuss Scalyr, its solution and the problem it solves.

Steve Newman, Scalyr CEO

Petros Koutoupis: Tell me a bit about yourself. Who is Steve Newman?

Steve Newman: I am an engineer by both training and background and have spent most of my career in the startup environment. This is because I enjoy building things. I was at Google for a number of years following an acquisition, and while the experience itself was great, the startup bug in me drove me to Scalyr.

PK: So, now you founded a company called Scalyr. Please tell us, what is Scalyr?

Categories: Linux News

GNOME 3.31.91 Beta Released, Cisco's Duo Security Launching a Beta of Its CRXcavator Tool to Find Risky Chrome Extensions, Fedora 30 Now Has Flicker Free Boot, Qt Creator 4.9 Beta Now Available and Four New openSUSE Tumbleweed Snapshots

Linux Journal - Thu, 02/21/2019 - 09:54

News briefs for February 21, 2019.

GNOME 3.31.91 beta was released this morning. This is the second beta of the 3.32 release cycle and also the start of the string freeze. See the list of all the changes and updates here. The BuildStream project snapshot is here, or you can get the source packages from here.

Cisco's Duo Security division is launching a public beta of its CRXcavator tool to help discover risky Google Chrome web extensions. According to the eWeek post, CRXcavator "will make it easier for organizations to take inventory of the Chrome extensions running across their enterprise, understand what if any risk they pose and then link that to a policy for secure deployment. As part of the effort to build CRXcavator, Duo also looked at over 120,000 Chrome extensions, to discover potential security concerns and risks."

Fedora 30 now has a fully Flicker Free boot. Hans de Goede's blog reports that "Last week a new version of plymouth landed which implements the new theme for this and also includes a much improved offline-updates experience, following this design. At boot the display will seamlessly transit from the firmware boot-splash into the new plymouth theme, which uses the firmware boot-splash as background." See the post for screenshots and more details.

Qt Creator 4.9 Beta was released today. Improvements include generic programming language support, a QML parser updated to Qt 5.12, many improvements to the UI for diagnostics from the Clang analyzer tools, and much more. You can get the open-source version from the Qt downloads page.

Four openSUSE Tumbleweed snapshots were released this week, bringing updates for Kerberos, GNOME, KDE, YaST and Mozilla Firefox.

Categories: Linux News