Skip to main content

Feed aggregator

Puppet Redefines Infrastructure Automation

Linux Journal - Wed, 05/15/2019 - 06:30
by Petros Koutoupis

Puppet has long been regarded as nothing more than an open-source software configuration management tool. The company has become a standard for automating the delivery and operation of the software that powers everything around us. Well, this is about to change. Puppet has evolved and has positioned itself to tackle enterprise-grade problems. All of this and more, was announced on May 2, 2019.

So what makes this announcement so exciting? I sat down with Matt Waxman, Puppet's Head of Products to learn more.

Petros Koutoupis: Please introduce yourself to our readers.

Matt Waxman: I have been the Head of Products at Puppet since 2017. I have been in the Product space for at least 20 years, largely focused on infrastructure. Before coming to Puppet, I was in data storage backup, replication and disaster recovery. I am the guy who deals with roadmaps and user experience across our product portfolio.

Petros: What can you tell us about this announcement?

Matt Waxman: Automation of more than just the state of your virtual machines, containers and so on is extremely important. How do you enable more teams? It is all about service, safety and quality of delivery. This is what we are doing with Puppet to serve those exact needs. And with our latest release 2019.1, we simplify the experience in automation to meet those demands.

We enhanced our agentless and agent-based capabilities, such as supporting the automation of network devices (for example, Cisco and Palo Alto) and giving users the ability to automate anything and anywhere quickly, efficiently, safely and at scale. But some of our most notable changes are centered around our agentless task runner, Bolt. We introduced it about a year and a half ago. Bolt is an automation tool built to automate anything in your infrastructure without the hassle. It was very well received by the Open Source community. What is new here though is we have found that more and more customers and users are starting to automate from a development perspective. Developers have a constant need to stand up an infrastructure quickly for both testing and support. Not only did we make Bolt more user-friendly for the broader community, but we also added YAML support.

Petros: Why is this announcement so exciting?

Matt Waxman: The demand for infrastructure-focused automation is growing, and many companies are unable to scale to meet that demand. With release 2019.1, we made a lot of investment in not only addressing this challenge but also in simplifying the experience.

Go to Full Article
Categories: Linux News

Update WhatsApp Now, Adobe Warning Creative Cloud Users with Older Apps, Kernels Older than 5.0.8 Are Vulnerable to Remote Code Execution, Schools in Kerala Choose Linux and MakeOpenStuff Is Launching the HestiaPi Touch Smart Thermostat

Linux Journal - Tue, 05/14/2019 - 08:55

News briefs for May 14, 2019.

A vulnerability in WhatsApp allows spyware to be installed from a single unanswered phone call. The Verge reports that the "spyware, developed by Israel's secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. Once installed, the spyware can turn on a phone's camera and mic, scan emails and messages, and collect the user's location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole."

Adobe warns Creative Cloud users with older apps. According to Engadget, "The software company has sent out emails to customers warning them of being "at risk of potential claims of infringement by third parties" if they continue using outdated versions of CC apps, including Photoshop and Lightroom. These emails even list the old applications installed on the subscribers' systems, and in some cases, they mention what the newest available versions are." Users are being told they are no longer licensed to use the apps and that they need to update to the latest authorized version.

Linux systems running distros with kernels older than 5.0.8 are vulnerable to remote code execution. From Bleeping Computer: "Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines. The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system." The vulnerability is being tracked as CVE-2019-11815.

Schools in the Indian state of Kerala have chosen Linux as their OS, which will save them roughly $428 million. According to It's FOSS, Kerala is "the first 100% literate Indian state". IT classes have been mandatory since 2003, and the schools started adopting free and open-source software a few years later, with the plan of getting rid of proprietary software in the schools. "As a result, the state claimed to save around $50 million per year in licensing costs in 2015. Further expanding their open source mission, Kerala is going to put Linux with open source educational software on over 200,000 school computers."

MakeOpenStuff is launching a Crowd Supply campaign for HestiaPi Touch, "an open source, smart thermostat for controlling HVAC and water systems". Linux Gizmos writes that the thermostat "runs a Linux-based openHAB stack on an RPI Zero W along with relays, a 3.5-inch display, and temperature, humidity, and pressure sensors". The HestiaPi Touch will cost $95 (without a case) or $145 (with case), and it's expected to ship in October or November. Linux Gizmos notes that "The hackable device competes directly with the $249 Google Nest Learning Thermostat. Unlike the Nest devices, it does not require a cloud connection thereby ensuring privacy and offering full control to the user."

News Security WhatsApp Adobe kernel Education HestiPi Touch Raspberry Pi Privacy
Categories: Linux News

CGroup Interactions

Linux Journal - Tue, 05/14/2019 - 07:00
by Zack Brown

CGroups are under constant development, partly because they form the core of many commercial services these days. An amazing thing about this is that they remain an unfinished project. Isolating and apportioning system elements is an ongoing effort, with many pieces still to do. And because of security concerns, it never may be possible to present a virtual system as a fully independent system. There always may be compromises that have to be made.

Recently, Andrey Ryabinin tried to fix what he felt was a problem with how CGroups dealt with low-memory situations. In the current kernel, low-memory situations would cause Linux to recuperate memory from all CGroups equally. But instead of being fair, this would penalize any CGroup that used memory efficiently and reward those CGroups that allocated more memory than they needed.

Andrey's solution to this was to have Linux recuperate unused memory from CGroups that had it, before recuperating any from those that were in heavy use. This would seem to be even less fair than the original behavior, because only certain CGroups would be targeted and not others.

Andrey's idea garnered support from folks like Rik van Riel. But not everyone was so enthralled. Roman Gushchin, for example, pointed out that the distinction between active and unused memory was not as clear as Andrey made it out to be. The two of them debated this issue quite a bit, because the whole issue of fair treatment hangs in the balance. If Andrey's whole point is to prevent CGroups from "gaming the system" to ensure more memory for themselves, then the proper approach to low-memory conditions depends on being able to identify clearly which CGroups should be targeted for reclamation and which should be left alone.

At the same time, the situation could be seen as a security concern, with an absolute need to protect independent CGroups from each other. If so, something like Andrey's patch would be necessary, and many more security-minded developers would start to take an interest in getting the precise details exactly right.

Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to

Go to Full Article
Categories: Linux News

Linux Journal ASCII Art Contest

Linux Journal - Mon, 05/13/2019 - 15:34
by Bryan Lunduke

Do you have l33t ASCII/ANSI art skillz? Your work could grace the cover of Linux Journal!

That's right—your ASCII art on the cover of the longest-running Linux publication on the planet.

What the artwork is depicting is, really, up to you. But, since this is Linux Journal, here are a few good ideas:

  • Something involving Tux the Penguin.
  • Something involving Linux in general.
  • Something involving terminals or computers in general.
  • Something else entirely, so long as it makes us think, "Gee, Linux is awesome."

How to submit your entry:

  1. Make sure your ASCII or ANSI artwork is saved as an image file (jpg or png) that is roughly 1600 x 1600 (give or take—larger is fine as well).
  2. Email that image, along with how you want your name to appear, to
  3. Make sure it's postmarked (yeah, I know, that's not really a thing with email, but I felt like using that word today) by July 1, 2019.


  • Q: Should my ASCII/ANSI art use colors?
  • A: Up to you!
  • Q: Should I also include the raw text version of the ASCII art when I submit it?
  • A: Sure! That'd be groovy!
  • Q: How awesome will I feel when I see my ASCII art on the cover of Linux Journal?
  • A: Very.
Go to Full Article
Categories: Linux News

On free speech at and Mastodon

Anarcat - Mon, 05/13/2019 - 10:22

I have been cautiously enthusiastic about They have done interesting work liberating their own hardware from the clutches of Intel backdoors and are enthusistically creating a new kind of phone. Recently, they figured they would also become a new hosting provider but that not going as well as one might hope. It seems they have decided to rewrite the standard Community Covenant code of conduct and rinse it down to create a absolutist "free speech zone".

This is a serious mistake and will create an escape hatch from mainstream social media for neo-nazis, trolls, masculinists and other scum1 of the internet. Purism should not be part of this, and if they do not revert this stance, I will discourage anyone from doing business with them ever again.

An introduction to the Purism projects

In a private mailing list, I summarized the situation of the Librem projects as follows:

Hi all,

Do people on this list have any opinion about ?

Overall, I think it's a good idea.

Devil is in the details, however. There was some controversy on how Purism has rebranded and forked existing free software projects without giving clear credit in the original announcements. They have responded to this, however, with something I find somewhat satisfactory.

I'm a little concerned about Purism taking on too much: they started by making laptops and ventured into forking Debian to have their own distribution - a common pattern in hardware manufacturers supporting Debian, same happened with System76. But now they are building a phone, and not content with Android, they are building their own OS, based on Debian, and I worry it will not deliver and disappoint a lot of people.

This is another venture that, coming from a hardware manufacturer, I am also somewhat worried about. Launching, simultaneously, an Email, Chat, social networking and VPN provider is a very ambitious goals. Members of our communities have been spending years deploying those services and it's a little frustrating to see Purism just barge in there and offer their services, for a fee on top of that.

But I will be the first to recognize that running services comes at a cost: hardware, cooling, real-estate and especially labor are not free. So I think it's fair they charge a price, and a fair one at that too.

So I wish them good luck and I am curious to see where it will go. At least they picked federated protocols which interoperate with our stuff: that is good. I'm worried they will undercut other community providers like ours, but I guess the more the merrier...

The Purism code of conduct tolerates Nazis

Now something else came up and that's the code of conduct which more less says "Nazis are okay, as long as they don't harrass people", a position which I have come to fundamentally disagree with.

This post is what brought the problem to my attention. It includes screenshots2 from a conversation with Kyle Rankin, the Purism Chief Security Officer where he claims that Purism doesn't need to list "bad behaviors" in their code of conduct because "harrassment" suffices. He also argues that control over content isn't required because they don't have a "shared Mastodon3 timeline".

Concretely, their code of conduct states that:

This Code of Conduct is adapted from the Community Covenant, The only change made was to remove the list of examples in the interest of readability.

This seems innocuous enough, but the changes go beyond simply "readability". This is how the Covenant code of conduct actually begins:

Our pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

In comparison, this is how the Purism code begins:

Our goal

This community is dedicated to providing a harassment-free experience for everyone. We do not tolerate harassment of participants in any form.

By removing specific the list of unacceptable behavior, they are implicitely allowing it. Purism seem to pivot around "legally protected free speech" and argue that "harrassment is not legally protected" which is why it's not allowed in their code of conduct. Their argument is they shouldn't decide what's allowed on their own server and instead seem to delegate this to the US constitution and law enforcement. Indeed, their FAQ says:

How do I report illegal content?

Any illegal content or illegal acts should be reported to the appropriate authorities who are equipped to handle it.

So it's not just a matter of "readability", but also that they don't actually want to "restrict free speech". This seems to me, at best a cop-out that leaves victims totally on their own, and, at worst, creates a "safe space" for neo-nazis to escape the narrowing controls imposed on larger platforms like Twitter, Facebook and Reddit. This is the same position that "big tech" (as Purism calls its competitors) are taking. They are trying really hard to remove themselves from the editorial process and claim they are not responsible for content.

In practice, this is a little white lie: Facebook, Twitter and all those platforms employ armies of moderators that constantly police their network.4 The question, therefore, is what that platform specifically allows and refuses. Pornography, for example, is definitely allowed "legally protected free speech" in the USA, yet it's forbidden on Facebook. Some large providers have also started to crack down on neo-nazis, like Facebook, Youtube, Apple, and Spotify banning Alex Jones from their networks. Twitter seems slower to follow and some claim that's because they might they risk banning Republicans as well because they confuse artificial intelligence (and, arguably, human intelligence as well).

Free speech absolutism and its impacts

The first impact of this is that some Mastodon servers are blocking the Purism instance altogether. This makes Purism's claims of federation somewhat dishonest:

Yes, you can follow and fully interact with people inside or outside the domain. (not locked-in to one technology company)

Of course, that's the nature of federation, but I am not aware of such a company (especially one which claims to have a social purpose) blocked right off the bat from the federation.

The second impact, of course, is that free speech fanatics, the alt-right, and neo-nazis are soon going to invade that space. The hordes of trolls, tired of getting banned on Twitter, will be happy to find a safe haven on, especially since there will be a juicy community of unsuspecting "social justice warriors" like me there to troll and brutalize.

There's a long history of tolerating hate speech in the USA, based on the US constitution, at least from state institutions. As a reminder, the first amendment says that:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Free speech absolutits like to read this by disregarding the words "congress", "law" and "government" in there and interpret this as applying to the entire fabric of society. But that's not how free speech works, even in the US. The first amendment concerns Congress and the laws it passes. There is absolutely no law in the US that forbids a private company to enforce contents on its own. It's the editorial right of any content editor (because that's what you become when you start your own twitter) to censor any speech that they like. This is also how XKCD put it:

Public Service Announcement: The Right to Free Speech means the government can't arrest you for what you say.

It doesn't mean that anyone else has to listen to your bullshit, or host you while you share it.

The 1st Amendment doesn't shield you from criticism or consequences.

If you're yelled at, boycotted, have your show canceled, or get banned from an Internet community, your free speech rights aren't being violated.

It's just that the people listening think you're an asshole.

And they're showing you the door.

For the record, I used to be a free speech absolutist myself. But I have since then reviewed my position on this: I think free speech, like any human right, is not absolute, and should take into account political and social dynamics. Free speech, right now, is not in danger, or at least specifically not right wing fear-mongering, racism and sexism. Hate speech is on the rise, and I find it particularly offensive to hear the arugment that it is "legally protected" because it is false and dangerous.

Hate speech was the prelude to the rise of facism in the early 20th century. Those fascists support free speech as long as it serves their purpose, but they are the first to destroy it when they are back in power. Not only figuratively, through censorship, but litterally, by harrassing, beating up, and murdering people. By allowing hate speech, we are paving the way for those people to come out of the closet and pose more daring actions.

We can already see this happening in the US and elsewhere:

  • In 2015, a white supremacist walked into a church in Soutch Carolina and murdered nine african-americans "in the hope of igniting a race war".

  • In 2017, Heather Heyer was one of the victims in a large fascist rally in Virginia. The perpetrator was previously posting neo-nazi memes and symbols on Facebook.

  • In 2018, another neo-nazi walked into a synagogue in Pittsburg and murdered eleven people. He had previously posted anti-semitic comments on the far-right Gab social network.

  • And this year, in 2019, another neo-nazi walked into a Mosque and murdered 51 people in New Zealand. He streamed everything on Facebook Live and he distributed his manifesto on Twitter and 8chan.

This is real. This is now. This is what Purism enables by tolerating hate speech. And it's not right. Free speech should never be an enabler for such horrors. We don't tolerate it for ISIL and jihadist terrorism, why should we tolerate it for the white supremacy groups?

First they came for the socialists, and I did not speak out — because I was not a socialist.

Then they came for the trade unionists, and I did not speak out — because I was not a trade unionist.

Then they came for the Jews, and I did not speak out — because I was not a Jew.

Then they came for me — and there was no one left to speak for me.

Martin Niemöller

For the sake of transparency, I should state that I have ordered a laptop from Purism about a month ago and the machine was "dead on arrival" when it arrived last week. I've also been having trouble getting the machine returned although it seems this will might resolve itself today.

  1. scum, the topmost liquid layer of a cesspool or septic tank, a reprehensible person or persons. Nazi Scum. ↩

  2. The screenshots do not display correctly in the thread, but here are Internet Archive links: 1 2. ↩

  3. For context, Mastodon is a Twitter/Twitdeck clone that implements standard federated protocol and can interoperate with other instances like Gnu Social. It's presumably Twitter done right, like email. In practice, you'll see there are tricky edge cases, naturally. ↩

  4. For a good perspective on that gruesome work, I recommend this article on The Verge and there are also two documentaries I'm aware of that cover the topic as well, The Cleaners and The Moderators. ↩

Categories: External Blogs

Kernel 5.1.1 Is Out, a Raspberry Pi Captured a Photo of a Soyuz in Space, It Might Be the Year of the Desktop, Nanonote 1.2.0 Released and OpenMandriva Lx 4.0 RC Is Now Available

Linux Journal - Mon, 05/13/2019 - 08:40

News briefs for May 13, 2019.

Greg Kroah-Hartman announced the release of the 5.1.1 kernel, saying "All users of the 5.1 kernel series must upgrade".

A Raspberry Pi captured a photo of a Soyuz in space. See the Raspberry Pi Blog for details on how a Raspberry Pi 1 B+ and a Rasperry Pi camera module captured the photo a Soyuz vehicle on its way to the International Space Station, as part of the European Space Agency (ESA) and Raspberry Pi's Astro Pi Challenge.

Windows and Chrome are making 2019 the "year of the desktop". PCWorld writes, "After years of endless jokes, 2019 is truly, finally shaping up to be the year of Linux on the desktop. Laptops, too! But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week."

Nanonote 1.2.0 has been released. With this new version, you now can use Ctrl + the mouse wheel to make text bigger or smaller, links are no longer hard-coded to be blue and instead use the theme color, and it now speaks German. You can read the full changelog and get deb and rpm packages here.

OpenMandriva Lx 4.0 RC was released. From the announcement: "We are almost there. Last step before the long awaited OpenMandriva Lx 4.0 is Release Candidate that we are happy to release today. This milestone got another turn of bug fixing, fine-tuning, and several updates including Plasma5 desktop, KDE Frameworks and KDE Applications, LLVM/clang, Java." See the Release notes for more information and download links.

News kernel Raspberry Pi Desktop OpenMandriva
Categories: Linux News

Introducing Mypy, an Experimental Optional Static Type Checker for Python

Linux Journal - Mon, 05/13/2019 - 06:30
by Reuven M. Lerner

Tighten up your code and identify errors before they occur with mypy.

I've been using dynamic languages—Perl, Ruby and Python—for many years. I love the flexibility and expressiveness that such languages provide. For example, I can define a function that sums numbers:

def mysum(numbers): total = 0 for one_number in numbers: total += one_number return total

The above function will work on any iterable that returns numbers. So I can run the above on a list, tuple or set of numbers. I can even run it on a dictionary whose keys are all numbers. Pretty great, right?

Yes, but for my students who are used to static, compiled languages, this is a very hard thing to get used to. After all, how can you make sure that no one passes you a string, or a number of strings? What if you get a list in which some, but not all, of the elements are numeric?

For a number of years, I used to dismiss such worries. After all, dynamic languages have been around for a long time, and they have done a good job. And really, if people are having these sorts of type mismatch errors, then maybe they should be paying closer attention. Plus, if you have enough testing, you'll probably be fine.

But as Python (and other dynamic languages) have been making inroads into large companies, I've become increasingly convinced that there's something to be said for type checking. In particular, the fact that many newcomers to Python are working on large projects, in which many parts need to interoperate, has made it clear to me that some sort of type checking can be useful.

How can you balance these needs? That is, how can you enjoy Python as a dynamically typed language, while simultaneously getting some added sense of static-typing stability?

One of the most popular answers is a system known as mypy, which takes advantage of Python 3's type annotations for its own purposes. Using mypy means that you can write and run Python in the normal way, gradually adding static type checking over time and checking it outside your program's execution.

In this article, I start exploring mypy and how you can use it to check for problems in your programs. I've been impressed by mypy, and I believe you're likely to see it deployed in a growing number of places, in no small part because it's optional, and thus allows developers to use it to whatever degree they deem necessary, tightening things up over time, as well.

Dynamic and Strong Typing

In Python, users enjoy not only dynamic typing, but also strong typing. "Dynamic" means that variables don't have types, but that values do. So you can say:

Go to Full Article
Categories: Linux News

Alpine Linux Docker Images Shipped with Unlock Root Accounts, Mozilla Offering a Research Grant to Embed Tor into Firefox, Plasma 5.16 to Get a Rewritten Notification System, Unity 2019.2 Beta Released and Emirates NBD Wins Red Hat's 2019 Innovation Award

Linux Journal - Fri, 05/10/2019 - 09:13

News briefs for May 10, 2019.

Alpine Linux Docker images available on Docker Hub shipped for three years with unlocked root accounts. Threatpost reports that "For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8 and 3.9 Alpine Docker Edge, according to Cisco Talos researchers who discovered the bug, tested each version and released their findings on Wednesday. Vulnerable images of Alpine Linux Dockers were available via the official Docker Hub portal since late 2015."

Mozilla has offered a research grant to find a way to embed Tor into Firefox to create a Super Private Browser mode. According to ZDNet, although Tor does work with Firefox, the integration slows it down, so "a better Tor integration is one of the key points that Mozilla is willing to fund via its Research Grants 2019H1 program that the organization announced last month." The article quotes Mozilla, "'Enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale.'"

Plasma 5.16 will have a completely rewritten notification system. Notifications will have a new look and feel, a do not disturb mode, revamped progress reporting and more. See Plasma developer Kai Uwe's blog for more information. The 5.16 release is expected sometime in June.

Unity 2019.2 beta is now available. From the announcement: "In this beta, we've included the popular Polybrush tool as a package, added the Unity Distribution Portal to get your games and apps to new global audiences, improved and expanded the toolsets for mobile, lighting, 2D, XR, and more." See the release notes for all the details, and get the beta from here.

Emirates NBD wins Red Hat's 2019 Red Hat Innovation Award. From the press release: "Emirates NBD, a leading banking group in the United Arab Emirates (UAE), has built a distributed private cloud platform with Red Hat's hybrid cloud and application programming interface (API) technologies as part of its digital transformation strategy. Its platform provides a common foundation and access to cloud-native services for internal teams, improving integration, collaboration and speed of development. The Red Hat-based cloud helps enable Emirates NBD to better keep pace with its competition, to make banking more available, and to more dynamically offer modern, personalized services to customers."

News Alpine Linux Docker Security Mozilla Firefox Tor Plasma unity Red Hat
Categories: Linux News

What The @#$%&! (Heck) is this #! (Hash-Bang) Thingy In My Bash Script

Linux Journal - Fri, 05/10/2019 - 06:30
by Mitch Frazier


You've seen it a million times—the hash-bang (#!) line at the top of a script—whether it be Bash, Python, Perl or some other scripting language. And, I'm sure you know what its purpose is: it specifies the script interpreter that's used to execute the script. But, do you know how it actually works? Your initial thought might be that your shell (bash) reads that line and then executes the specified interpreter, but that's not at all how it works. How it actually works is the main focus of this post, but I also want to introduce how you can create your own version of "hash-bang" if you're so inclined.

Go to Full Article
Categories: Linux News

IBM's Red Hat Deal, NuoDB Operator Now Has Red Hat OpenShift Operator Certification, Krita 4.2.0 Alpha Released, Elive 3.0 Update, UBports Announces Ubuntu Touch OTA-9 and Fedora Kernel 5.1 Test Week Starts Monday

Linux Journal - Thu, 05/09/2019 - 08:17

News briefs for May 9, 2019.

The Department of Justice recently concluded its review of IBM's Red Hat acquisition, which is still on track for later this year. ZDNet reports that Red Hat released the results of an IDC study at Red Hat Summit, "which concluded software and applications running on Red Hat Enterprise Linux (RHEL) are expected to contribute to more than $10 trillion worth of global business revenues in 2019. That's about 5% of the worldwide economy for those of you following at home." ZDNet notes that "IBM's $34 billion acquisition of Red Hat is looking better than ever."

Distributed SQL database vendor NuoDB yesterday announced that its NuoDB Operator now has Red Hat OpenShift Operator Certification and is available immediately on Red Hat OpenShift. From the press release: "The newly available NuoDB Operator easily configures and deploys the NuoDB Community Edition (CE), allowing users to build, run and manage a NuoDB database natively inside Red Hat OpenShift. Users also have the option to deploy the database with a sample SQL application that generates SQL activity on the database, allowing them to more quickly experience NuoDB in action. Users can then enable NuoDB Insights, a graphical dashboard that provides insight into the performance and overall health of the database, to learn how the sample database performed. Armed with this information, users can better understand, optimize and troubleshoot the database, making it easier to effectively evaluate NuoDB in Red Hat OpenShift."

Krita 4.2.0 alpha was released yesterday. Since Krita 4.1 was released last June, the team has fixed around 1500 bugs, and they've "implemented a host of new features, workflow improvements and little bits of spit and polish." New features include "much improved tablet support on all platforms, HDR painting on Windows, improved painting performance, improved color palette docker, animation API for scripting, gamut masks, improved artistic color selector, an improved start screen that can now show you the latest news about Krita, changes to the way flow and opacity work when painting". You can see the release notes here. The announcement says they are on track to release version 4.2 later this month.

Elive 3.0 has been updated, and this should be the last update before the 3.0 release. From Samuel F. Baggen's announcement: "in the last few months I have been deeply working on the next future versions of Elive, which will support things like Secure Boot and UEFI, with 64bit available builds and based in Debian Buster, all these things are simply...amazing! I hope to make the next beta versions publicly available soon with also including a working installer that will have extra features! I didn't wanted to publicly announce anything until now because I'm a meticulous perfectionist who wants to verify that most of the things are correctly working before giving any promise."

UBports yesterday announced the release of Ubuntu Touch OTA-9. OTA-9 will roll out to supported Ubuntu Touch devices over the next few days. This release is mostly a stability release, but it includes a refreshed look, Nexus 5 camera fixes and the QQC2 Suru Style. You can read the full changelog here.

Fedora is planning a kernel 5.1 test week next week, which will run 5/13/2019 through 5/18/19. If you want to help test, see the wiki page for instructions.

Categories: Linux News

Ubuntu Advantage for Infrastructure: an Interview with Canonical

Linux Journal - Thu, 05/09/2019 - 07:00
by Petros Koutoupis

On April 29, 2019, Canonical made headlines by officially announcing the availability of Ubuntu Advantage for Infrastructure If you are unfamiliar with Canonical and the work that they do:

Canonical is the publisher of Ubuntu, the OS for most public cloud workloads as well as the emerging categories of smart gateways, self-driving cars and advanced robots. Canonical provides enterprise security, support and services to commercial users of Ubuntu.

Ubuntu Advantage for Infrastructure changes the entire landscape of service offerings for open-source software. Instead of itemizing and charging for each and every component or add-on, Canonical promises its customers a per-node service package, regardless of the technologies running on it. I was able to sit down and chat with Stephan Fabel, who was generous enough to provide a bit more detail around this exciting announcement.

Petros Koutoupis: Tell us about yourself.

Stephan Fabel: My name is Stephan Fabel, and I am Director of Product over at Canonical. So, I am running a team as the Product Manager, and I am responsible for the portfolio of products that go out to our customers.

Petros: For our readers who are unfamiliar, what is Ubuntu Advantage?

Stephan: As you might know, Ubuntu always has been freely available as an open-source Linux distribution for everybody to consume. And, for those users who wish to enter that commercial relationship with Canonical, either because they are interested in our additional bit-streams that we offer like kernel patches, extended security maintenance, FIPS compliance crypto libraries, or because they would like to get support for each of those open infrastructure components that we are covering, Ubuntu Advantage is the program that they would subscribe to.

Petros: What makes this recent announcement of Ubuntu Advantage for Infrastructure so exciting?

Go to Full Article
Categories: Linux News

OASIS Announces Open Projects, Endless OS Launches Endless Studios, Microsoft and Red Hat Announce the General Availability of Azure Red Hat OpenShift, Supermicro Collaborates with Red Hat, and All Chromebooks to Launch This Year Will Support Linux Apps

Linux Journal - Wed, 05/08/2019 - 08:12

News briefs for May 8, 2019.

OASIS this morning announced the launch of Open Projects. The press release describes Open Projects as "the first-of-its-kind program that creates a more transparent and collaborative future for open source and standards development. Open Projects gives communities the power to develop what they choose—APIs, code, specifications, reference implementations, guidelines—in one place, under open source licenses, with a path to recognition in global policy and procurement."

Endless, creators of Endless OS and a $79 Linux computer, have announced a new venture, which begins today: Endless Studios. Matt Dalio and the Endless Studios team have "created a series of games on Linux, Endless OS, and Hack that teach kids to code (without them knowing)." Go to the site to check out the games and play a demo. See also this video for a look at Endless Studios Games.

Microsoft and Red Hat yesterday announced the general availability of Azure Red Hat OpenShift. From the press release: "Azure Red Hat OpenShift provides a powerful on-ramp to hybrid cloud computing, enabling IT organizations to use Red Hat OpenShift Container Platform in their datacenters and more seamlessly extend these workloads to use the power and scale of Azure services. The availability of Azure Red Hat OpenShift marks the first jointly managed OpenShift offering in the public cloud."

Supermicro announces a collaboration with Red Hat "to develop powerful open private cloud solutions based on Supermicro's industry-leading SuperServer and SuperStorage systems as well as Red Hat OpenShift Container Platform. With fully integrated hardware, software and support packages, these new solutions built with enterprise Kubernetes provide the ability to deploy and manage containers in an on-premises, private and hybrid cloud environment." For more information on the Supermicro Solution for Red Hat OpenShift Container Platform, go here.

All Chromebooks that launch this year will support Linux apps. According to Android Police, "Google announced that all Chromebooks launched in 2019 will be Linux-ready right out of the box, which is great for developers, enthusiasts, and newbies alike. These announcements have been quick and brief, but at least this news is straight to the point, though every Chromebook I've tested recently had Linux support....Oh, and they mentioned that Android Studio is also a one-click install, too. That's neat."

News OASIS Open Projects open source Endless Studios gaming Education Microsoft Red Hat OpenShift Containers Azure Supermicro Cloud Servers Chromebooks
Categories: Linux News

We Need to Save What Made Linux and FOSS Possible

Linux Journal - Wed, 05/08/2019 - 08:11
by Doc Searls

If we take freedom and openness for granted, we'll lose both. That's already happening, and we need to fight back. The question is how.

I am haunted by this passage in a letter we got from reader Alan E. Davis (the full text is in our Letters section):

...the real reason for this letter comes from my realization—in seeking online help—that the Linux Documentation Project is dead, and that the project—now taken over by open printing, I think, is far from functioning well. Linux has been transformed into containers, and embedded systems. These and other such projects were the heart and soul of the Free Software movement, and I do not want for them to be gone!

This is the kind of thing Bradley Kuhn (of the Software Freedom Conservancy) lamented in his talk at last year. So did Kyle Rankin in his talk at the same event (video, slides and later, an LJ article). In an earlier conversation on the same stage (it was a helluva show), Simon Phipps (of the Open Source Initiative) and I had our own lamentations.

We all said it has become too easy to take Linux and FOSS for granted, and the risks of doing that were dire. Some specifics:

Go to Full Article
Categories: Linux News

What is the worst Linux Distro?

Linux Journal - Tue, 05/07/2019 - 17:18

Please support Linux Journal by subscribing or becoming a patron.

Categories: Linux News

Red Hat Enterprise 8 Now Available, Microsoft Announces New Windows 10 Terminal App, Microsoft and Red Hat Announce an Open-Source Kubernetes Event-Driven Autoscaling Service, StackRox Partners with Red Hat, and Ubuntu 19.10 to Be Called Eoan Ermine

Linux Journal - Tue, 05/07/2019 - 08:56

News briefs for May 7, 2019.

Red Hat Enterprise 8 is now available. From the press release: "Red Hat Enterprise Linux 8 is the operating system redesigned for the hybrid cloud era and built to support the workloads and operations that stretch from enterprise datacenters to multiple public clouds. Red Hat understands that the operating system should do more than simply exist as part of a technology stack; it should be the catalyst for innovation. From Linux containers and hybrid cloud to DevOps and artificial intelligence (AI), Red Hat Enterprise Linux 8 is built to not just support enterprise IT in the hybrid cloud, but to help these new technology strategies thrive." There will be a press conference tomorrow, May 8, at 11am EDT. You can register here.

Microsoft yesterday announced a new Windows 10 Terminal app for command-line users. From Microsoft's blog post: "Windows Terminal [is] a new application for Windows command-line users [that] will offer a user interface with emoji-rich fonts and graphics-processing-unit-accelerated text rendering. It also will provide multiple tab support as well as theming and customization, allowing users to personalize their Terminal." Windows Terminal will be available for Windows 10 systems sometime in June.

In other Microsoft and Red Hat news (the Build 2019 developer conference and Red Hat Summit both are this week), the two companies announce an "open-source service for auto-scaling serverless containers on Kubernetes". ZDNet reports that "Microsoft and Red Hat have jointly developed an open-sourced Kubernetes event-driven autoscaling (KEDA) service. KEDA enables developers to deploy serverless containers on Kubernetes in any public or private cloud, as well as on-premises, Microsoft officials said."

StackRox announced this morning that the StackRox Kubernetes Security Platform is now available as a Red Hat certified container. From the press release: "As part of the Red Hat Container Certification, StackRox's award-winning capabilities, powered by its container-native and Kubernetes-native platform, will be available through the Red Hat Container Catalog. Enterprise customers who use the production-ready Kubernetes platform offered by Red Hat OpenShift to deliver shorter application development cycles and better-quality software now have easier access to enhanced security and compliance capabilities certified by Red Hat." You can read more about the StackRox and Red Hat partnership here.

Ubuntu 19.10 is going to be called the "Eoan Ermine" release. Phoronix reports that "An Ermine is a stoat, or a short-tailed weasel. Eoan, as a reminder, means 'relating to the dawn or the east.'... So Ubuntu 19.10 is the dawn of the short-tailed weasel and will be out in October." This release is expected to bring "Linux 5.3, GNOME 3.34, Mesa 19.2, potentially Python 3 as the only Python version in the main archive, the X.Org session to still be the default, a new desktop installer that offers tight integration with the ZFS file-system, and many other changes for what they hope to send through this cycle for vetting ahead of the Long Term Support cycle."

News Red Hat RHEL Cloud Containers DevOps Microsoft Kubernetes StackRox Ubuntu
Categories: Linux News

Rewriting printk()

Linux Journal - Tue, 05/07/2019 - 07:00
by Zack Brown

The printk() function is a subject of much ongoing consternation among kernel developers. Ostensibly, it's just an output routine for sending text to the console. But unlike a regular print routine, printk() has to be able to work even under extreme conditions, like when something horrible is going on and the system needs to utter a few last clues as it breathes its final breath.

It's a heroic function. And like most heroes, it has a lot of inner problems that need to be worked out over the course of many adventures. One of the entities sent down to battle those inner demons has been John Ogness, who posted a bunch of patches.

One of the problems with printk() is that it uses a global lock to protect its buffer. But this means any parts of the kernel that can't tolerate locks can't use printk(). Nonmasking interrupts and recursive contexts are two areas that have to defer printk() usage until execution context returns to normal space. If the kernel dies before that happens, it simply won't be able to say anything about what went wrong.

There were other problems—lots! Because of deferred execution, sometimes the buffer could grow really big and take a long time to empty out, making execution time hard to predict for any code that disliked uncertainty. Also, the timestamps could be wildly inaccurate for the same reason, making debugging efforts more annoying.

John wanted to address all this by re-implementing printk() to no longer require a lock. With analysis help from people like Peter Zijlstra, John had come up with an implementation that even could work deep in NMI context and anywhere else that couldn't tolerate waiting.

Additionally, instead of having timestamps arrive at the end of the process, John's code captured them at execution time, for a much more accurate debugging process.

His code also introduced a new idea—the possibility of an emergency situation, so that a given printk() invocation could bypass the entire buffer and write its message to the console immediately. Thus, hopefully, even the shortest of final breaths could be used to reveal the villain's identity.

Sergey Senozhatsky had an existential question: if the new printk() was going to be preemptible in order to tolerate execution in any context, then what would stop a crash from interrupting printk() in order to die?

John offered a technical explanation, which seemed to indicate that "panic() can write immediately to the guaranteed NMI-safe write_atomic console without having to first do anything with other CPUs (IPIs, NMIs, waiting, whatever) and without ignoring locks."

Go to Full Article
Categories: Linux News

Linux Kernel 5.1 Is Out, Red Hat Announces Winners of the 2019 Women in Open Source Awards, GNU Linux-libre 5.1-gnu Is Now Available, Lockheed Martin Worked with Red Hat to Improve F022 Raptor Fighter Jets, and Firefox 66.0.4 Released

Linux Journal - Mon, 05/06/2019 - 09:21

News briefs for May 6, 2019.

Linux kernel 5.1 is out. Linus Torvalds writes, "The past week has been pretty calm, and the final patch from rc6 is not all that big. The shortlog is appended, but it's small changes all over. Networking, filesystem code, drivers, tooling, arch updates. Nothing particularly odd stands out. Of course, the shortlog below is just for that final calm week. On the whole, 5.1 looks very normal with just over 13k commits (plus another 1k+ if you count merges)." He also mentions the timing of the 5.2 merge window might be an issue for him: "I just happen to have the college graduation of my oldest happen right smack dab in the middle of the upcoming merge window, so I might be effectively offline for a few days there. If worst comes to worst, I'll extend it to make it all work, but I don't think it will be needed."

Red Hat announced the winners of the 2019 Women in Open Source Awards. The two winners are Limor Fried, founder and lead engineer at Adafruit Industries, and Saloni Garg, a student at LNM Institute of Information Technology pursing A bachelor's degree in computer science. From the announcement: "Their contributions are innovative examples of how open source is being used to make a difference in people's lives and is well positioned to inspire future generations."

The Free Software Foundation Latin America team announced the release of GNU Linux-libre 5.1-gnu. Phoronix reports that "With Linux 5.1 besides re-basing all their existing patches, there were a few more drivers that required adjustments. Alexandre Oliva mentioned in the release announcement, 'Besides the usual assortment of firmware name updates, new drivers for mt7603 and goya required disabling of blob requests, wilc1000 had some files renamed which required adjusting the deblobbing logic, and a driver that we used to deblob (lantiq xrx200 firmware loader) was removed, so its cleaning up code is now gone.'" You can download it from

Lockheed Martin worked with Red Hat to "modernize the application development process used to bring new capabilities to the U.S. Air Force's fleet of F-22 Raptor fighter jets". From Red Hat's press release: "Through an eight-week Red Hat Open Innovation Labs residency, Lockheed Martin Aeronautics replaced the waterfall development process it used for F-22 Raptor upgrades with an agile methodology and DevSecOps practices that are more adaptive to the needs of the U.S. Air Force. Together, Lockheed Martin and Red Hat created an open architecture based on Red Hat OpenShift Container Platform that has enabled the F-22 team to accelerate application development and delivery."

Firefox 66.0.4 was released yesterday. ZDNet reports that this release "fixes the issue with an expired signing certificate that disabled add-ons for the vast majority of its userbase". You can download Firefox here.

News kernel Red Hat FSF GNU Linux-libre Firefox
Categories: Linux News

Open Source--It's in the Genes

Linux Journal - Mon, 05/06/2019 - 09:06
by Glyn Moody

What happens when you release 500,000 human genomes as open source? This.

DNA is digital. The three billion chemical bases that make up the human genome encode data not in binary, but in a quaternary system, using four compounds—adenine, cytosine, guanine, thymine—to represent four genetic "digits": A, C, G and T. Although this came as something of a surprise in 1953, when Watson and Crick proposed an A–T and C–G pairing as a "copying mechanism for genetic material" in their famous double helix paper, it's hard to see how hereditary information could have been transmitted efficiently from generation to generation in any other way. As anyone who has made photocopies of photocopies is aware, analog systems are bad at loss-free transmission, unlike digital encodings. Evolution of progressively more complex structures over millions of years would have been much harder, perhaps impossible, had our genetic material been stored in a purely analog form.

Although the digital nature of DNA was known more than half a century ago, it was only after many years of further work that quaternary data could be extracted at scale. The Human Genome Project, where laboratories around the world pieced together the three billion bases found in a single human genome, was completed in 2003, after 13 years of work, for a cost of around $750 million. However, since then, the cost of sequencing genomes has fallen—in fact, it has plummeted even faster than Moore's Law for semiconductors. A complete human genome now can be sequenced for a few hundred dollars, with sub-$100 services expected soon.

As costs have fallen, new services have sprung up offering to sequence—at least partially—anyone's genome. Millions have sent samples of their saliva to companies like 23andMe in order to learn things about their "ancestry, health, wellness and more". It's exciting stuff, but there are big downsides to using these companies. You may be giving a company the right to use your DNA for other purposes. That is, you are losing control of the most personal code there is—the one that created you in the boot-up process we call gestation. Deleting sequenced DNA can be hard.

Go to Full Article
Categories: Linux News

It's World Press Freedom Day, Tutanota Launches Secure Connect for Journalists and Whistleblowers, Private Internet Access Offers Discounts for Journalists, GCC 9.1 Released, Freespire 4.8 Now Available, and Toradex's New Torizon Embedded Linux Distro

Linux Journal - Fri, 05/03/2019 - 09:05

News briefs for May 3, 2019.

In honor of World Press Freedom Day, today Tutanota announces the launch of Secure Connect, "an open source encrypted contact form for news sites. Secure Connect can be easily added to any news site for free so that whistleblowers can get in touch with journalists securely." From the press release: "'To support the crucial work of journalists and whistleblowers, Tutanota's Secure Connect will be free for journalists to place on their websites', says Matthias Pfau, co-founder and developer of Tutanota. 'We believe in the Human Right to Privacy and Freedom of Speech—a secure and private form to communicate online is critical to achieve free speech. With Secure Connect we want to support journalists, activists and whistleblowers for the important work they are doing for all of us.'" Journalists can get Secure Connect for free by contacting and supplying a link to their website. The standard price for Secure Connect (for lawyers, financial institutions, etc.) is 24 euros per month.

Private Internet Access is celebrating World Press Day with a discount on yearly and biyearly plans for journalists. If you are a member of the press and you would like to trial PIA's apps, or you are reporting high-risk topics or from a high-risk area, please email

GCC 9.1 has been released. From the release announcement (posted on LWN): "GCC 9.1 is a major release containing substantial new functionality not available in GCC 9.x or previous GCC releases. In this release C++17 support is no longer marked experimental. The C++ front-end implements the full C++17 language (already previous GCC major version implemented that) and the C++ standard library support is almost complete. The C++ front-end and library also have numerous further C++2a draft features [1]. GCC has a new front-end for the D language. GCC 9.1 has newly partial OpenMP 5.0 support and almost complete OpenACC 2.5 support." Go here to see all the changes.

Freespire 4.8 was released yesterday. From the announcement: "It is our FOSS solution, with no binary-only drivers, multimedia codecs and strictly libre applications, nothing proprietary included. Freespire is released bi-annually and showcases the best of the FOSS and KDE communities." New features include KDE Plasma 5.12.7, KDE Frameworks 5.44.0, kernel 4.18.0-18, Chromium browser, Geary and much more. See the announcement for download links or to purchase install media.

A beta version of Toradex's Torizon embedded Linux distro is now available at the Toradex GitHub page. Toradex describes the open-source distro as "a new Linux-based software platform that simplifies the process of developing and maintaining embedded software. It allows you to configure the system for your use case quickly and easily, so you can focus on application development instead of Linux builds." See also this Linux Gizmos article for more information on the distro for embedded newbies that "features Visual Studio integration, security features, OTA updates, and an optional Docker runtime."

News Tutanota Secure Connect Security Privacy Freedom Private Internet Access GCC Freespire Embedded
Categories: Linux News

Password Manager Roundup

Linux Journal - Fri, 05/03/2019 - 06:00
by Shawn Powers

If you can remember all of your passwords, they're not good passwords.

I used to teach people how to create "good" passwords. Those passwords needed to be lengthy, hard to guess and easy to remember. There were lots of tricks to make your passwords better, and for years, that was enough.

That's not enough anymore.

It seems that another data breach happens almost daily, exposing sensitive information for millions of users, which means you need to have separate, secure passwords for each site and service you use. If you use the same password for any two sites, you're making yourself vulnerable if any single database gets compromised.

There's a much bigger conversation to be had regarding the best way to protect data. Is the "password" outdated? Should we have something better by now? Granted, there is two-factor authentication, which is a great way to help increase the security on accounts. But although passwords remain the main method for protecting accounts and data, there needs to be a better way to handle them—that's where password managers come into play.

The Best Password Manager

No, I'm not burying the lede by skipping all the reviews. As Doc Searls, Katherine Druckman and myself discussed in Episode 8 of the Linux Journal Podcast, the best password manager is the one you use. It may seem like a cheesy thing to say, but it's a powerful truth. If it's more complicated to use a password manager than it is to re-use the same set of passwords on multiple sites, many people will just choose the easy way.

Sure, some people are geeky enough to use a password manager at any cost. They understand the value of privacy, understand security, and they take their data very seriously. But for the vast majority of people, the path of least resistance is the way to go. Heck, I'm guilty of that myself in many cases. I have a Keurig coffee machine, not because the coffee is better, but because it's more convenient. If you've ever eaten a Hot Pocket instead of cooking a healthy meal, you can understand the mindset that causes people to make poor password choices. If the goal is having smart passwords, it needs to be easier to use smart passwords than to type "password123" everywhere.

Go to Full Article
Categories: Linux News
Syndicate content