|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- SciLinux: SLSA-2020-0984-1 Important: ipmitool on SL7.x x86_64>
ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208) SL7 x86_64 ipmitool-1.8.18-9.el7_7.x86_64.rpm ipmitool-debuginfo-1.8.18-9.el7_7.x86_64.rpm noarch bmc-snmp-proxy-1.8.18-9.el7_7.noarch.rpm exchange-bmc-os-info-1.8.18-9.el7_7.noarch.rpm - Scientific Linux Development Team
- [$] Per-system-call kernel-stack offset randomization
In recent years, the kernel has (finally) upped its game when it comes tohardening. It is rather harder to compromise a running kernel than it usedto be. But "rather harder" is relative: attackers still manage to findways to exploit kernel bugs. One piece of information that can be helpfulto attackers is the location of the kernel stack; thispatch set from Kees Cook and Elena Reshetova may soon make thatinformation harder to come by and nearly useless in any case.
- Security updates for Friday
Security updates have been issued by Debian (bluez and php5), Fedora (chromium, kernel, and PyYAML), Gentoo (adobe-flash, libvpx, php, qtcore, and unzip), openSUSE (chromium, kernel, and mcpp), Oracle (ipmitool and libvncserver), Red Hat (ipmitool and rh-postgresql10-postgresql), Slackware (kernel), and SUSE (ldns and tomcat6).
- Malcolm: Static analysis in GCC 10
David Malcolm writesabout the static-analysis features that he is working on adding to theGCC compiler. "This issue is, of course, a huge problem totackle. For this release, I’ve focused on the kinds of problems seen in Ccode—and, in particular double-free bugs—but with a view toward creating aframework that we can expand on in subsequent releases (when we can addmore checks and support languages other than C)."
- [$] Avoiding retpolines with static calls
January 2018 was a sad time in the kernel community. The Meltdown andSpectre vulnerabilities had finally been disclosed, and the requiredworkarounds hurt kernel performance in a number of ways. One of thoseworkarounds — retpolines —continues to cause pain, with developers goingout of their way to avoid indirect calls, since they must now be implementedwith retpolines. In some cases, though, there may be a way to avoid retpolines and regain much of the lost performance;after a long gestation period, the "static calls" mechanism may finally benearing the point where it can be merged upstream.
- Plasma on TV: Presenting Plasma Bigscreen (KDE.News)
The KDE.News site is carrying anannouncement for the PlasmaBigscreen environment, which is meant for large-screen televisions. "Talking of interacting from the couch,voice control provides users with the ultimate comfort when it comes to TVviewing. But most big brands not only do not safeguard the privacy of theircustomers, but actively harvest their conversations even when they are notsending instructions to their TV sets. We use Mycroft's Open Source voiceassistant to solve this problem."
- Security updates for Thursday
Security updates have been issued by CentOS (firefox, icu, kernel-rt, libvncserver, python-imaging, python-pip, python-virtualenv, thunderbird, tomcat, tomcat6, and zsh), Debian (icu and okular), Fedora (libxslt and php), Gentoo (bluez, chromium, pure-ftpd, samba, tor, weechat, xen, and zsh), Oracle (libvncserver), Red Hat (ipmitool and zsh), and SUSE (python-cffi, python-cryptography and python-cffi, python-cryptography, python-xattr).
- [$] Helping FOSS conferences in the face of a pandemic
The effects of the Coronavirusdisease 2019 (COVID-19) pandemic are horrific and far-reaching; wereally do not yet know just how bad it will get. One far less serious areathat has been affected is conferences forand about free and open-source software (FOSS). On the grand scale, these problems are pretty low on thepriority list.There are a fair number of non-profit organizations behind thegatherings, however, that have spent considerable sums setting upnow-canceled events or depend on the conferences for a big chunk of their budget—or both. A neworganization, FOSS Responders,has formed to try to help out.
- O'Reilly shutting down its conference group
O'Reilly has announcedthat it is canceling all of its upcoming in-person conferences and shuttingdown its conference group permanently. "Without understanding whenthis global health emergency may come to an end, we can’t plan for orexecute on a business that will be forever changed as a result of thiscrisis. With large technology vendors moving their events completelyon-line, we believe the stage is set for a new normal moving forward whenit comes to in-person events." There is still no notice to thiseffect on the OSCON page, butone assumes that is coming.
- Some stable kernels
Stable kernels 5.5.13, 5.5.12, 5.4.28, and 4.19.113 have been released. They all containimportant fixes and users should upgrade.
- New Linux-powered SoC taps an old ARM9 architecture
Microchip has launched a 600MHz ARM9-based “SAM9X60” processor with a 2D GPU and -40 to 105°C tolerance along with a Linux-driven, $260 “SAM9X60-EK Evaluation Kit” with MikroBus and Raspberry Pi expansion. Microchip has revised the ARM9-based AT91SAM9260 SoC that was introduced in 2006 by its subsidiary Atmel. The new SAM9X60 model has boosted the clock […]
- Reasons to Give openSUSE a Try
Users may fear trying openSUSE because of some reason. In any case, we’ll introduce you to the distribution and its features, and why you should give it a try.
- Just another KVM setup on Debian Buster 10.3
Sequence of steps and bridge network configuration on native Debian Buster 10.3 host seemed to me a bit different from manuals which are available in meantime on the Net. Specifically I've undertaken some additional steps to fix error with Radeon kernel modesetting enabling also configuration bridge to physical LAN is supposed to be done in the way different from how it works on LXDE 4.
- 6 tricks for developing a work from home schedule
When you start working from home, one of the first things you might have noticed is that there almost no outside influences on your schedule. You probably have meetings—some over team chat and others over video— that you have to attend, but otherwise, there[he]#039[/he]s nothing requiring you to do anything at any specific time. What you find out pretty quickly, though, is that there[he]#039[/he]s an invisible influence that sneaks up on you: deadlines.
- How to detect outdated Kubernetes APIs
Recently, deprecated APIs have been wreaking havoc on everyone[he]#039[/he]s Kubernetes manifests. Why is this happening?!? It[he]#039[/he]s because the objects that we[he]#039[/he]ve come to know and love are moving on to their new homes. And it[he]#039[/he]s not like this happened overnight. Deprecation warnings have been in place for quite a few releases now. We[he]#039[/he]ve all just been lazy and thought the day would never come. Well, it[he]#039[/he]s here!
- Fanless Whiskey Lake mini-PCs include a model based on Intel NUC Elements
Bleujour has launched a $836 and up “Kubb Passive” NUC system and is prepping an even smaller NUC Elements based Meta U mini-PC, both of which run Linux Mint on Intel’s Whiskey Lake. If you’re spending more time than usual on your computer in these days of quarantine, you may ask yourself: Why does my […]
- Are There Exceptions to the Rule that Going Electric Reduces Emissions?
"Averaged over the globe, electric vehicles (EVs) already represent about a 31-percent emissions savings" writes Ars Technica, noting results from a study which also found similar savings from energy-efficient home-heating pumps. "Even in the scenario where these technologies are promoted but the grid isn't cleaned up much, there's a substantial benefit through 2050." But the researchers also separated the world into 59 regions, then used data on the "greenness" of each country's electricity grids, considering the full range of available vehicle types and home-heating methods as well as their predicted "uptake" of green technologies from 2015 to 2050. And this did identify a handful exceptions, Ars Technica reports: Compare, for example, Switzerland's exceptionally low-carbon grid to Estonia's, which runs primarily on oil shale. Swapping an internal combustion vehicle for an electric one in Switzerland cuts emissions by 70 percent, and a heat pump will cut them by about 88 percent. But in Estonia, an electric vehicle would increase emissions by 40 percent and a heat pump pushes that to an eye-watering 120 percent. A more significant exception can be found in Japan. In the scenarios with little progress on grid emissions, a decade from now, the combination of Japan's dirtier grid and preference for hybrid vehicles means that swapping in EVs doesn't quite pay... As time goes on, emissions from manufacturing electric vehicles accounts for a larger share of their total life cycle emissions, the researchers note. You can make the vehicle efficient and the grid clean, but you'll also have to clean up industry to keep shrinking that carbon footprint. The article notes that the researchers also predict continued improvements in the efficiency of electric vehicles -- with an unintended side effect. "As time goes on, emissions from manufacturing electric vehicles accounts for a larger share of their total life cycle emissions, the researchers note. "You can make the vehicle efficient and the grid clean, but you'll also have to clean up industry to keep shrinking that carbon footprint."
Read more of this story at Slashdot.
- School Quits Video Calls After Naked Man 'Guessed' the Meeting Link
An anonymous reader quotes a report from TechCrunch: A school in Norway has stopped using popular video conferencing service Whereby after a naked man apparently "guessed" the link to a video lesson. According to Norwegian state broadcaster NRK, the man exposed himself in front of several young children over the video call. The theory, according to the report, is that the man guessed the meeting ID and joined the video call. One expert quoted in the story said some are "looking" for links. Last year security researchers told TechCrunch that malicious users could access and listen in to Zoom and Webex video meetings by cycling through different permutations of meeting IDs in bulk. The researchers said the flaw worked because many meetings were not protected by a passcode.
Read more of this story at Slashdot.
- Yelp To Stop Auto-Creating GoFundMe Fundraisers After Outrage From Business Owners
Yelp has paused an effort in partnership with GoFundMe that automatically opted tens of thousands of small businesses into fundraisers after complaints from restaurant and bar owners, the company tells The Verge. From the report: Yelp launched the initiative earlier this week in response to the ongoing coronavirus pandemic, but it did so without informing any of participants. Some business owners said the process for opting out -- in the event they were hosting their own fundraisers or simply did not want one automatically set up by Yelp -- was unnecessarily cumbersome. "On Tuesday, Yelp announced a partnership with GoFundMe to provide a fast and easy way for people to support their favorite local businesses by donating to a GoFundMe fundraiser directly on the Yelp pages of eligible businesses. In an effort to get businesses help quickly and easily, a GoFundMe fundraiser was automatically added to the Yelp pages of an initial group of eligible businesses, with information provided on how to claim it or opt out should a business choose to do so," a spokesperson said in a statement. "However, it has come to our attention that some businesses did not receive a notification with opt-out instructions, and some would have preferred to actively opt-in to the program," the statement goes on to say. "As such, we have paused the automatic rollout of this feature, and are working with GoFundMe to provide a seamless way for businesses to opt into the program moving forward, as we have received a great deal of interest and support for the program from both consumers and businesses alike." Yelp said in its original announcement of the GoFundMe partnership that it would be waiving fees and that both companies would match the first $1 million donated. However, critics of the partnership fast discovered that GoFundMe was setting the recommended tip, which is how GoFundMe funds its own operations, at 15 percent. "Yelp does not get any portion of the donations. Donations through the GoFundMe platform may be subject to payment processing fees in some instances per the terms of the GoFundMe platform," reads an FAQ page for the program.
Read more of this story at Slashdot.
- NASA Picks SpaceX To Fly Cargo To Moon-Orbiting Gateway Space Station
NASA has awarded SpaceX with a contract to supply Gateway, the moon-orbiting space station that the agency aims to start building in 2022, agency officials announced Friday. Space.com reports: Gateway is a key part of NASA's Artemis exploration program, which seeks to establish a sustainable, long-term human presence on and around the moon by the late 2020s. The small space station will serve as a jumping-off point for sorties, both crewed and uncrewed, to the lunar surface. SpaceX will help to keep the Gateway supplied, delivering scientific experiments and a variety of other gear to the outpost, NASA officials said. The company is guaranteed two missions under its newly announced Gateway Logistics Services contract. SpaceX's robotic ISS resupply runs employ the company's Falcon 9 rocket and Dragon capsule, which can loft 13,200 lbs. (6,000 kilograms, or 6 metric tons) to low-Earth orbit. But SpaceX's Gateway missions will use different hardware: the huge Falcon Heavy rocket and a special capsule variant called Dragon XL. (SpaceX has also developed another Dragon version, Crew Dragon, which will fly astronauts to and from the ISS under yet another NASA contract.) Dragon XL will be able to carry more than 5 metric tons of cargo to the Gateway, SpaceX representatives said via Twitter Friday. Dragon cargo missions to the ISS typically last about a month from launch to splashdown. But Dragon XL will likely stay attached to the Gateway for six to 12 months at a time, NASA officials said. Other companies may end up joining SpaceX in the Gateway resupply game.
Read more of this story at Slashdot.
- You Can Now Ride a Submarine To the Deepest Point On Earth
An anonymous reader quotes a report from Bloomberg: For some, the ultimate adventure is up in the stars. (See: Musk, Branson, Bezos.) For Texas businessman Victor Vescovo, the trip of a lifetime is a dive to the deepest known point on our own planet, the bottom of the Marianas Trench. For $750,000 per person, Vescovo will take guests down 35,843 feet in Limiting Factor, his $37 million Triton 36,000/2 submarine, whose depth capacity is more than 100 times that of the typical superyacht submersible. "Nobody gets more remote than this," says Rob McCallum, founding partner ofEYOS Expeditions, which is helping to plan and manage the trips to Challenger Deep, as this location is called. Almost seven miles beneath the water's surface, it has seen fewer human visitors than the International Space Station. Just getting to the right patch of the Pacific requires an intrepid spirit. Guests sail roughly 200 miles southwest from Guam on Pressure Drop, a 224-foot-long research vessel, bunked in with scientists, a film crew, and technical experts. Basic comforts include a chef, mess hall, and a rooftop bar for "strategic thinking exercises and international alcohol evaluations," as McCallum puts it. Once there, they pair up with pilots to make roughly 12-hour dives -- four hours down, three to four hours at the bottom, and four hours up -- to a place so deep that its exterior pressure would feel like having five jumbo jets parked on your chest. The eight-day itinerary, which includes three dives and three rest days (during which the submarine's oxygen system is refilled and ballasts reloaded), remains thus far scheduled for two slots in May. The first has already sold out.
Read more of this story at Slashdot.
- US Officials Reportedly Agree To Cut Off Huawei From Global Chip Suppliers
Senior U.S. government officials have agreed to new rules to cut off Huawei from global chip suppliers, according to a Reuters report Thursday, citing sources familiar with the matter. CNET reports: Under the new measures, foreign companies that use American chipmaking equipment would first need to secure a license before supplying some chips to Huawei, the report says. The focus of the new rules is to restrict the sale of more sophisticated chips to the Chinese telecom giant rather than generic, more widely available chips. Trump hasn't signed off on the proposed new measures yet, but if he does, a slew of US tech companies stand to lose, like Apple and Qualcomm along with Huawei. It could also negatively impact the world's largest chipmaker, Taiwan's TSMC, the report says.
Read more of this story at Slashdot.
- Google Cancels Its Infamous April Fools' Jokes This Year
Google won't be participating in April Fools' Day this year due to the serious threat of the coronavirus that continues to impact the entire world. The Verge reports: According to an internal email obtained by Business Insider, Google will "take the year off from that tradition out of respect for all those fighting the Covid-19 pandemic. Our highest goal right now is to be helpful to people, so let's save the jokes for next April, which will undoubtedly be a whole lot brighter than this one." "We've already stopped any centralized April Fool's efforts but realize there may be smaller projects within teams that we don't know about," the email from Google's head of marketing Lorraine Twohill continues. "Please suss out those efforts and make sure your teams pause on any jokes they may have planned -- internally or externally." Hopefully other companies will take note of Google's lead here and adjust their own April Fools' plans accordingly. There's a time and a place for a good joke -- but this probably isn't it.
Read more of this story at Slashdot.
- Scientists Identify Microbe That Could Help Degrade Polyurethane-Based Plastics
An anonymous reader quotes a report from Phys.Org: German researchers report in the journal Frontiers in Microbiology that they have identified and characterized a strain of bacteria capable of degrading some of the chemical building blocks of polyurethane. The team out of Germany managed to isolate a bacterium, Pseudomonas sp. TDA1, from a site rich in brittle plastic waste that shows promise in attacking some of the chemical bonds that make up polyurethane plastics. The researchers performed a genomic analysis to identify the degradation pathways at work. They made preliminary discoveries about the factors that help the microbe metabolize certain chemical compounds in plastic for energy. They also conducted other analyses and experiments to understand the bacterium's capabilities. This particular strain is part of a group of bacteria that are well-known for their tolerance of toxic organic compounds and other forms of stress, according to Dr. Christian Eberlein with the Helmholtz Centre for Environmental Research-UFZ. He is a co-author on the paper who coordinated and supervised the work. "That trait is also named solvent-tolerance and is one form of extremophilic microorganisms," he said. In addition to polyurethane, the P4SB consortium, which includes the Helmholtz Centre for Environmental Research-UFZ, is also testing the efficacy of microbes to degrade plastics made of polyethylene terephthalate (PET), which is widely used in plastic water bottles.
Read more of this story at Slashdot.
- Some Recovered Coronavirus Patients In Wuhan Are Testing Positive Again
NPR is reporting that some Wuhan residents in China who had tested positive earlier and then recovered from the disease are testing positive for the virus a second time. It's raising concerns of a possible second wave of cases, as China prepares to lift quarantine measures to allow residents to leave the epicenter of its outbreak next month. From the report: Based on data from several quarantine facilities in the city, which house patients for further observation after their discharge from hospitals, about 5%-10% of patients pronounced "recovered" have tested positive again. Some of those who retested positive appear to be asymptomatic carriers -- those who carry the virus and are possibly infectious but do not exhibit any of the illness's associated symptoms -- suggesting that the outbreak in Wuhan is not close to being over. NPR has spoken by phone or exchanged text messages with four individuals in Wuhan who are part of this group of individuals testing positive a second time in March. All four said they had been sickened with the virus and tested positive, then were released from medical care in recent weeks after their condition improved and they tested negative. One of the Wuhan residents who spoke to NPR exhibited severe symptoms during their first round of illness and was eventually hospitalized. The second resident displayed only mild symptoms at first and was quarantined in one of more than a dozen makeshift treatment centers erected in Wuhan during the peak of the outbreak. But when both were tested a second time for the coronavirus on Sunday, March 22, as a precondition for seeking medical care for unrelated health issues, they tested positive for the coronavirus even though they exhibited none of the typical symptoms, such as a fever or dry cough. The time from their recovery and release to the retest ranged from a few days to a few weeks. One theory is that they were first given a false negative test result. Another theory is that, because the test amplifies tiny bits of DNA, residual virus from the initial infection could have falsely resulted in that second positive reading.
Read more of this story at Slashdot.
- Elizabeth Warren's Campaign Is Making Its Software Open Source
gavron writes: While most politicians are pro copyright maximalism and patent exclusivity, Elizabeth Warren's campaign just open-sourced a bunch of software and are proud of having used open source to save money, and build upon the shoulders of other giants. Way to go! "Our tech team worked hard to make getting involved with @ewarren's campaign as easy as possible," reads a tweet from @TeamWarren. "We leaned heavily on open source technology, and we want to contribute back. So we're open-sourcing some of our most important projects for anyone to use." The Warren for President Tech Team is open-sourcing the following projects: -Spoke: Spoke is a peer-to-peer texting platform originally developed by MoveOn, with several forks under active development. -Pollaris, our polling location lookup tool: While the DNC provides a polling locator interface with IWillVote.org, we wanted a polling place locator that integrated with our website and tools, so we built our own interface and API, using polling location data provided by the DNC and state democratic parties. -Caucus App: Going into the Iowa caucuses, we wanted to give our supporters and precinct captains a way to quickly calculate delegates and report results from each precinct. -Switchboard (FE and BE): [W]e built a piece of software that took new potential volunteers, or "hot leads," from our online channels and assigned them to state-based volunteer leads for personal follow up calls offering ways to get involved with the campaign. As it turned out, this also ended up being a great tool for event recruitment. -Automated organizing email: Our Mobilization and Tech teams worked together to scale email outreach to the widest possible audience and free our incredible organizers from tedious manual tasks. -Redhook: Campaigns run on data, and redhook is a tool that makes data happen. As a system, Redhook ingests web hook data and delivers it to Redshift/Civis in near real time. -I90: This tool was not deployed during the campaign, but there was a need to make short links out of long complicated links moving forward. I90 does that. You can read more about the projects and the team's efforts via this Medium post.
Read more of this story at Slashdot.
- A Curious Look At Eight Core Server CPU Performance From Intel Xeon Haswell To AMD EPYC Rome
When it comes to the AMD EPYC 7002 "Rome" processors we have looked at the various higher-end SKUs since their launch last August up to and including the EPYC 7742 with its 64 cores / 128 threads per socket. But for those wondering about the EPYC 7002 series performance at the bottom end of the spectrum, here are some fun benchmarks of the EPYC 7232P and EPYC 7262 on the near-final Ubuntu 20.04 LTS state compared to various vintages of Intel Xeon CPUs -- most notably, a curiosity driven look at the 8 core / 16 thread Intel Haswell Xeon performance.
- Some Of The Features To Look Forward To With Linux 5.7
With the Linux 5.7 cycle kicking off in April with its merge window opening upon the release of Linux 5.6, here is a look at some of the changes and new features that have been on our radar for this next version of the Linux kernel...
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can’t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Control Panel isn’t dead yet � but the System applet is looking nervous
You may have seen dark rumors around the Web that Microsoft is about to kill off the classic Control Panel. Rest assured, friend, we were as horrified as you are—but on more careful inspection, this seems not to be the case. That�s one of the many downsides of being at the mercy of closed operating systems like Windows or macOS � as a user, you�re not really in control, and your platform landlords can decide to remove vital functionality or features on a whim, and there�s nothing you can do about it. If you haven�t done so yet, I�d highly suggest start looking at open source alternatives before it�s too late, because I feel the noose is only going to tighten more, not less.
- Amiga machine code course
Here you’ll find my complete set of posts covering the Amiga Machine Code course. The course consists of twelve letters and two disks, that can be found here. The letters are available as PDF’s in their original Danish language as well as translated to English. Some light reading for the weekend.
- Dumping MiniDisc media
If you have music on a collection of MiniDisc media and want to finally copy the data off onto modern media (or the cloud!), here are simple instructions for some different solutions. Why would you stop using MiniDisc though?
- The exFAT filesystem is coming to Linux � Paragon software’s not happy about it
Ars Technica reports on a story from the early 2000s 2020: When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn�t get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month�s merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7—and Paragon doesn�t seem happy about it. Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldn�t have looked out of place on Steve Ballmer�s letterhead in the 1990s. This is some get the facts! level of tripe. You�d think that in 2020, we�d be spared this sort of nonsense, and I�m sad I�m even spending precious bits on this one � but at least we get the name of Paragon out so you can avoid them like the plague.
- AMD uses DMCA to mitigate massive GPU source code leak
AMD has filed at least two DMCA notices against Github repos that carried stolen! source code relating to AMD�s Navi and Arden GPUs, the latter being the processor for the upcoming Xbox Series X. The person claiming responsibility for the leak informs TorrentFreak that if they doesn�t get a buyer for the remainder of the code, they will dump the whole lot online. I�d love to hear the backstory behind this hack. For a company like AMD, such a hack must�ve been an inside job, right? While I know I shouldn�t be surprised anymore by just how lacking security can be at even the most prominent technology companies, I just can�t imagine it being very easy to get your hands on this documentation and code without some form of inside help.
- MIPS Loongson 3 seeing support improvements with Linux 5.7
For those managing to get their hands on a recently released Loongson 3A4000/3B4000 or even older Loongson 3 MIPS64 processors, improving the support is on the way with the upcoming Linux 5.7 kernel. Queued as part of the MIPS architecture work for Linux 5.7 are a number of Loongson improvements, in particular for the Loongson 3 series. The Loongson processors are pretty much impossible to come by outside of China, and gained some fame as the platform of choice for Richard Stallman.
- Apple releases macOS 10.15.4, watchOS 6.2, and iOS, iPadOS and tvOS 13.4
Apple has released macOS 10.15.4, watchOS 6.2, and iOS, iPadOS and tvOS 13.4. Earlier today, Apple continued its tradition of updating all of its operating systems at once. The day brought major new feature releases to iOS, iPadOS, macOS, watchOS, and tvOS. The iOS, iPadOS, and tvOS updates are numbered 13.4, Apple Watches got watchOS 6.2, and Macs saw the release of macOS Catalina 10.15.4. You know where to get them.
- Living a Google-free life with a Huawei phone
Ever wondered what�s it like to run Android without Google�s services and applications? Well, get a Huawei device. A smartphone UI isn’t much use without apps, of course, and here is where Huawei hits its first hurdle. Huawei has its own store called AppGallery, which it claims is the third largest in the world based on its more than 400 million monthly active users. The vast majority of those users will be in China, of course, where the Google Play Store has never been included alongside AppGallery. If you buy a Mate 30 Pro now anywhere in the world, though, AppGallery is what you get out of the box. To be blunt, it is not great. I wouldn’t call it barren — there is support from major US companies like Microsoft, Amazon, and Snap. You can’t get Chrome, of course, but Opera is there if you want something with desktop sync. But a huge amount of its content is aimed at China, with other big Western names like Facebook, Slack, Netflix, and Twitter missing, which puts the Mate 30 Pro in a more precarious app situation than even the diciest days of Windows Phone. Huawei has announced a $1 billion plan to help stock AppGallery’s shelves, but it has its work cut out. A bigger problem is that even if you can get popular applications installed, they often won�t work properly because the device lacks the Google Mobile Services. It�s an incredibly hard situation for Huawei to be in.
- Chrome phasing out support for user agent
Google announced its decision to drop support for the User-Agent string in its Chrome browser. Instead, Chrome will offer a new API called Client Hints that will give the user greater control over which information is shared with websites. We�ve talked about this earlier this year, but I want to highlight it again since it�s very important this initiative doesn�t devolve into Google and Chrome shoving this alternative down the web�s throat. Deprecating user agent strings is a good thing, but only if the replacement is a collective effort supported by everyone.
- Apple just killed offline web apps while purporting to protect your privacy [updated: not really]
Update: the WebKit blog post has been updated with a clarification: Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted. That�s definitely a relief, and good thing they cleared this up. Original continues below: On the face of it, WebKit’s announcement yesterday titled Full Third-Party Cookie Blocking and More sounds like something I would wholeheartedly welcome. Unfortunately, I can’t because the “and more” bit effectively kills off Offline Web Apps and, with it, the chance to have privacy-respecting apps like the prototype I was exploring earlier in the year based on DAT. Block all third-party cookies, yes, by all means. But deleting all local storage (including Indexed DB, etc.) after 7 days effectively blocks any future decentralised apps using the browser (client side) as a trusted replication node in a peer-to-peer network. And that’s a huge blow to the future of privacy. I�m sure that�s entirely a coincidence for a company that wants to force everyone to use their App Store, the open web be damned.
- Linux Journal Ceases Publication: An Awkward Goodbye
by Kyle Rankin IMPORTANT NOTICE FROM LINUX JOURNAL, LLC: On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen. –Linux Journal, LLC
Final Letter from the Editor: The Awkward Goodbye
by Kyle Rankin
Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.
That's basically this post.
So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye.
Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article
- Oops! Debugging Kernel Panics
by Petros Koutoupis
A look into what causes kernel panics and some utilities to help gain more information.
Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash.
Figure 1. A Typical Kernel Panic
Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux.
Installing the Required Packages
First and foremost, your kernel should have the following components statically built in to its image:
CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y
You can find this in /boot/config-`uname -r`.
Make sure that your operating system is up to date with the latest-and-greatest package versions:
$ sudo apt update && sudo apt upgrade
Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu):
$ sudo apt install gcc make binutils linux-headers-`uname -r` ↪kdump-tools crash `uname -r`-dbg
Note: Package names may vary across distributions.
During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2).
Figure 2. kexec Configuration Menu
And to enable kdump to run and load at system boot, answer "yes" (Figure 3).
Figure 3. kdump Configuration Menu
Configuring kdump
Open the /etc/default/kdump-tools file, and at the very top, you should see the following:
Go to Full Article
- Loadsharers: Funding the Load-Bearing Internet Person
by Eric S. Raymond
The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.
These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.
That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.
(If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)
Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this:
Go to Full Article
- Documenting Proper Git Usage
by Zack Brown
Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.
The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.
It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.
One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.
On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.
So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.
Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.
Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.
"If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."
Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone.
Go to Full Article
- Understanding Python's asyncio
by Reuven M. Lerner
How to get started using Python's asyncio.
Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.
A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.
I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.
And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.
So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work.
What Is asyncio?
Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.
All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process.
Go to Full Article
- RV Offsite Backup Update
by Kyle Rankin
Having an offsite backup in your RV is great, and after a year of use, I've discovered some ways to make it even better.
Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since.
What Works
Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.
It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.
The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal.
Go to Full Article
- Another Episode of "Seems Perfectly Feasible and Then Dies"--Script to Simplify the Process of Changing System Call Tables
by Zack Brown
David Howells put in quite a bit of work on a script, ./scripts/syscall-manage.pl, to simplify the entire process of changing the system call tables. With this script, it was a simple matter to add, remove, rename or renumber any system call you liked. The script also would resolve git conflicts, in the event that two repositories renumbered the system calls in conflicting ways.
Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.
Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
However, Linus Torvalds swooped in at this particular moment, saying:
Ugh, I hate it.
I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.
IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".
Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.
And the portcullis came crashing down.
It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.
Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.
Go to Full Article
- Experts Attempt to Explain DevOps--and Almost Succeed
by Bryan Lunduke
What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.
The word DevOps confuses me.
I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.
It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:
DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.
My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could:
Automation Engineer: people that automate testing software. Software Development Engineer in Test: people that make tools for the testers to use. Software Development Engineer: aka "Coder", aka "Programmer". Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!" Dev Manager: like a Dev Lead, with less programming, more managing. Director of Engineering: the manager of the managers of the programmers. Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed."
During my various times with fancy-pants titles, I managed teams that included:
Go to Full Article
- DNA Geometry with cadnano
by Joey Bernard
This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.
Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.
Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands:
sudo apt-get install python3 python3-pip
I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.
Once you're in your activated virtualenv, install the required Python modules with the command:
pip3 install pythreejs termcolor pytz pandas pyqt5 sip
After those dependencies are installed, grab the source code with the command:
git clone https://github.com/cadnano/cadnano2.5.git
This will grab the Qt5 version. The Qt4 version is in the repository https://github.com/cadnano/cadnano2.git.
Changing directory into the source directory, you can build and install cadnano with:
python setup.py install
Now your cadnano should be available within the virtualenv.
You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side.
Figure 1. When you first start cadnano, you get a completely blank work space.
In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button.
Figure 2. Start your construction with one of the available geometric frameworks.
Go to Full Article
- Running GNOME in a Container
by Adam Verslype
Containerizing the GUI separates your work and play.
Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.
Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.
You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.
Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing.
Go to Full Article
|
