Language Selection

English French German Italian Portuguese Spanish

Linux Journal

Syndicate content
Updated: 8 min 12 sec ago

GNOME 3.33.2 Released, Krita 4.2 Debuts, RPi Camera Modules on RPi Zeros Power the Penguin Watch Project, Intrinsyc Switches Its Home Automation Dev Board from Android Things to Linux and Intel Hosting a Clear Linux OS Meetup Today

Wednesday 29th of May 2019 12:18:05 PM

News briefs for May 29, 2019.

GNOME 3.33.2 was released yesterday. This marks the second development release of the 3.34 GNOME desktop, which is expected to be available this fall. According to Softpedia News, "GNOME 3.33.2 adds huge performance improvements to GNOME Shell, a new Backgrounds panel in GNOME Control Center, countless enhancements to the Epiphany web browser and GNOME Calculator, rendering improvements for the Mutter window and composite manager with X.Org Server, and much more." See the Changelog for more details.

Krita 4.2 makes its debut. OMG Ubuntu! reports that the new version "features more than 1,000 bug fixes (!) as well as several new features, including support for HDR displays on Windows 10." See the Release Notes for more on all the new features.

Raspberry Pi Camera Modules mounted on Raspberry Pi Zeros provide the images for the Penguin Watch project. The raspberrypi.org blog post calls the project "citizen science on a big scale", noting that "thousands of people from all over the world come together on the internet to...click on penguins. By counting the birds in their colonies, users help penguinologists measure changes in the birds' behaviour and habitat, and in the larger ecosystem, thus assisting in their conservation.

Intrinsyc has switched its Snapdragon 212-based Open-Q 212 module and 212A Home Hub Development Kit from Android Things to Linux. From Linux Gizmos: "Intrinsyc's Open-Q 212A module and Development Kit, which were announced a year ago as along with several other Android Things production boards offered by Google, are being re-released as a Linux development platform for next-gen smart speaker and voice-controlled home hub products. The OpenEmbedded/Yocto Project based Linux stack brings improved support for the audio features on the $595 dev kit, which has been rebranded as the Open-Q 212A Home Hub Development Kit. There's also a new Bluetooth and 802.15.4 wireless add-on on the way."

Intel is hosting a Clear Linux OS meetup today in Santa Clara. The meetup will run from 3pm to 8:30pm and "is to introduce you to the Clear Linux Project and help you learn how to better use the Clear Linux OS in your everyday job. Light refreshments and dinner provided."

News GNOME Desktop Krita Raspberry Pi SBCs Embedded Intel Clear Linux

Visualizing Science with ParaView

Wednesday 29th of May 2019 12:00:00 PM
by Joey Bernard

I'd like to introduce one of the more popular tools used for visualizing data within several scientific disciplines: ParaView. ParaView started as a joint project between Kitware, Inc., and Los Alamos National Laboratory back in 2000. The first public release was version 0.6, which came out in 2002. Since then, ParaView has become one of the most popular visualization packages for visualizing large data sets.

Because it's open source, it should be available in most, if not all, package repository systems. For example, in Debian-based distributions, you should be able to install it with the command:

sudo apt-get install paraview

Starting it the first time should give you an empty workspace, ready for you to get to work.

Figure 1. When you first start ParaView, you'll see a new, empty layout to start your visualization.

Two major parts populate the bulk of the window. The right-hand side is the main display pane where the visualization will appear. The left-hand pane shows the list of objects being visualized, along with their properties. At the top, there is a toolbar of the common functions in ParaView.

To play with ParaView, you'll need some data. If you don't have any data of your own to use, you can grab some data provided as part of the ParaView Tutorial. More documentation and sample scripts are also available there.

Let's assume you're going to use the sample data as you learn how to use ParaView. To load the data, click File→Open, and navigate to where you unpacked the sample data.

While you're here, take a quick look at the list of all of the file types ParaView supports. For example, you can load the data stored in the file can.ex2. You won't see anything displayed right away. In the bottom part of the left-hand side pane, you should see the properties for the newly loaded data file. For now, you can just accept the defaults and click the apply button. You then should see the data visualized in the main pane.

Figure 2. The data in the sample file can.ex2 renders as a half cylinder attached to a rectangle on the end.

Clicking and dragging on the image allows you to rotate the view, so you can see the entire object from various angles.

Go to Full Article

Kernel 5.2-rc2 Is Out, Ubuntu Security Team's New Podcast, the E Foundation's Refurbished Phones with /e/ OS Available Soon, Mozilla Announces Firefox 68 Beta 6 Test Day and PostgreSQL 12 Beta Released

Tuesday 28th of May 2019 01:59:44 PM

News briefs for May 28, 2019.

Kernel 5.2-rc2 was released over the weekend. Linus Torvalds writes: "Hey, what's to say? Fairly normal rc2, no real highlights - I think most of the diff is the SPDX updates. Who am I kidding? The highlight of the week was clearly Finland winning the ice hockey world championships. So once you sober up from the celebration, go test".

The Ubuntu Security Team announces its new Ubuntu Security Podcast. The weekly podcast will cover "the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved". The podcast is available from iTunes, Spotify, Google Podcasts or RSS.

You can send the E Foundation your phone if you'd like a Google-free Android. FOSS Bytes reports that with the E Foundation's /e/ OS, "the main goal of /e/ is to take away Google's control over the device. It doesn't include any Google apps that you'd normally find on Android phones. Other than UI tweaks and pre-loading all the essential apps like Browser, Contacts, Calendar, Messaging, it even has an App Store of its own. You can also have an /e/ account, and take advantage of its cloud storage service, mail, and search." The E Foundation will soon be selling refurbished devices with the OS here, and according to Foss Bytes, you will be able to send them your phone, and they will install it for around $50. Or, you can flash your phone yourself and install the beta ROM, which you can download from here. It currently supports 81 devices from Google, Motorola, Huawei, Samsung and more.

Mozilla announces Friday, May 31, 2019, will be a test day for Firefox 68 Beta 6. The test will focus on Activity Stream and Pin Firefox shortcut to taskbar for Windows 10. If you're interested, see this etherpad for instructions. No experience with testing is needed, and you can join Mozilla at #qa on IRC.

PostgreSQL 12 Beta was released last week. This is the first beta release of version 12, and it includes previews of all the new features that will be available in the final version of PostgreSQL 12. The announcement notes that "In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 12 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise you to run PostgreSQL 12 Beta 1 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release." See the Beta Testing Page for more information.

News kernel Ubuntu Security /e/ Android Google Mozilla Firefox PostgreSQL

Breaking Up Apache Log Files for Analysis

Monday 27th of May 2019 11:00:00 AM
by Dave Taylor

Dave tackles analysis of the ugly Apache web server log.

I know, in my last article I promised I'd jump back into the mail merge program I started building a while back. Since I'm having some hiccups with my AskDaveTaylor.com web server, however, I'm going to claim editorial privilege and bump that yet again.

What I need to do is be able to process Apache log files and isolate specific problems and glitches that are being encountered—a perfect use for a shell script. In fact, I have a script of this nature that offers basic analytics in my book Wicked Cool Shell Scripts from O'Reilly, but this is a bit more specific.

Oh Those Ugly Log Files

To start, let's take a glance at a few lines out of the latest log file for the site:

$ head sslaccesslog_askdavetaylor.com_3_8_2019 18.144.59.52 - - [08/Mar/2019:06:10:09 -0600] "GET /wp-content/ ↪themes/jumpstart/framework/assets/js/nivo.min.js?ver=3.2 ↪HTTP/1.1" 200 3074 "https://www.askdavetaylor.com/how-to-play-dvd-free-windows- ↪10-win10/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ↪AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ ↪64.0.3282.140 Safari/537.36 Edge/18.17763 X-Middleton/1" ↪52.53.151.37 - - [08/Mar/2019:06:10:09 -0600] "GET ↪/wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1" ↪200 33766 "https://www.askdavetaylor.com/how-to-play ↪-dvd-free-windows-10-win10/" "Mozilla/5.0 (Windows NT ↪10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ↪Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763 ↪X-Middleton/1" 18.144.59.52 - - [08/Mar/2019:06:10:09 ↪-0600] "GET /wp-content/plugins/google-analytics-for- ↪wordpress/assets/js/frontend.min.js?ver=7.4.2 HTTP/1.1" ↪200 2544 "https://www.askdavetaylor.com/how-to-play ↪-dvd-free-windows-10-win10/" ↪"Mozilla/5.0 (Windows NT 10.0; Win64; x64) ↪AppleWebKit/537.36 (KHTML, like Gecko) ↪Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763 ↪X-Middleton/1"

It's big and ugly, right? Okay, then let's just isolate a single entry to see how it's structured:

18.144.59.52 - - [08/Mar/2019:06:10:09 -0600] "GET ↪/wp-content/themes/jumpstart/framework/assets/js/ ↪nivo.min.js?ver=3.2 HTTP/1.1" 200 3074 "https://www.askdavetaylor.com/how-to-play-dvd-free-windows- ↪10-win10/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 ↪Safari/537.36 Edge/18.17763 X-Middleton/1"

That's still obfuscated enough to kick off a migraine!

Fortunately, the Apache website has a somewhat clearer explanation of what's known as the custom log file format that's in use on my server. Of course, it's described in a way that only a programmer could love:

Go to Full Article

Build Your Own Internet Radio Receiver

Monday 27th of May 2019 11:00:00 AM
by Nick Tufillaro

Tune in to communities around the world with the push of a button.

When I get home at night, I like to tune into the world with the push of a button. I've lived in lots of different places—from Dunedin, New Zealand, to Santa Fe, New Mexico—and in each town, I've come to love a radio station (usually a community radio station) that embodies the spirit of the place. With the push of a button, I can get a bit back in sync with each of these places and also visit new communities, thanks to internet radio.

Why build your own internet radio receiver? One option, of course, is simply to use an app for a receiver. However, I've found that the most common apps don't keep their focus on the task at hand, and are increasingly distracted by offering additional social-networking services. And besides, I want to listen now. I don't want to check into my computer or phone, log in yet again, and endure the stress of recalling YAPW (Yet Another PassWord). I've also found that the current offering of internet radio boxes falls short of my expectations. Like I said, I've lived in a lot of places—more than two or four or eight. I want a lot of buttons, so I can tune in to a radio station with just one gesture. Finally, I've noticed that streams are increasingly problematic if I don't go directly to the source. Often, streams chosen through a "middle man" start with an ad or blurb that is tacked on as a preamble. Or sometimes the "middle man" might tie me to a stream of lower audio quality than the best being served up.

So, I turned to building my own internet radio receiver—one with lots of buttons that allow me to "tune in" without being too pushy. In this article, I share my experience. In principle, it should be easy—you just need a Linux distro, a ship to sail her on and an external key pad for a rudder. In practice, it's not too hard, but there are a few obstacles along the course that I hope to help you navigate.

My recipe list included the following:

  1. A used notebook with an ultra low voltage (Core 2 Duo) processor.
  2. An audio interface with an optical TOSLINK.
  3. pyradio: an open-source Python radio program.
  4. An external keypad.

Figure 1. My Hardware Setup

Why a notebook and not a Raspberry Pi or ship of a similar ilk? Mostly due to time—my time in particular. It's not too hard to find a high quality notebook about ten years old for about $50, so the cost is really not that different, and I find the development platform to be much quicker.

Go to Full Article

Blindered by the GDPR

Saturday 25th of May 2019 11:58:24 AM
by Doc Searls

I usually don't like new tech regulations.

One reason is that technology changes so fast that new regulations tend to protect yesterday from last Thursday.

Another reason is that lawmakers tend to know little or nothing about tech. One former high U.S. government official once told a small group of us, roughly, "There are two things almost nobody in Congress understands. One is technology and the other is economics. So good luck."

Still, I had high hopes for the GDPR (the EU's General Data Protection Regulation), which famously went into effect one year ago. I suggested that we re-brand 25 May "Privmas Day" (hashtag #privmas), since I expected the GDPR would go far toward protecting personal privacy online, which prior to that date had been approximately nil. Back in 2017, I said (onstage, in front of thousands) the GDPR would be "an extinction event for  adtech in Europe."

Here in Linux Journal, I put up  an FUQ for the GDPR (the U meaning "Unanswered"), meant to provide guidance toward new developments that could give each of us many new forms of agency online, as well as some privacy. Because I really did expect the GDPR to encourage both.

Alas, mostly it hasn't. Worse, most of its early effects have been negative. For example,

Go to Full Article

Episode 19: Democratizing Cybersecurity

Friday 24th of May 2019 02:18:16 PM
Your browser does not support the audio element. Reality 2.0 - Episode 19: Democratizing Cybersecurity

Katherine Druckman and Doc Searls talk to Alex Gounares of Polyverse Linux about Cybersecurity for everyone.

ZFS On Linux 0.8 Released, BlackArch Linux 2019.06.01 Now Available, Canonical Releases Updated intel-microcode Firmware, Peppermint 10 Is Out, and Guardian Digital Celebrates 20 Years of Email Security with the Power of Open Source

Friday 24th of May 2019 01:34:17 PM

News briefs for May 24, 2019.

ZFS On Linux 0.8 has been released. This new version supports up through the 5.1 stable series. Phoronix reports that "ZFS On Linux 0.8 adds native encryption support as well as raw encrypted ZFS send/receive support. Other prominent feature additions for this ZFS Linux file-system code include support for device removal, pool checkpoints, TRIM/discard for solid-state drives is finally here, pool initialize support, Python 3 compatibility with its tools, the ability to tap the Linux kernel's direct I/O interfaces, various performance improvements, and much more." See GitHub for more details.

BlackArch Linux 2019.06.01 is now available. This version of the Arch-based distro for penetration testing and security researchers includes more than 150 new tools, updated vim plugins, Linux kernel 5.1.4, updated all system packages and much more. You can download ISOs or OVA images here.

Canonical has released updated intel-microcode firmware in response to new MDS security vulnerabilities discovered on systems running Intel Cherry Trail and Intel Bay Trail processors. According to Softpedia News, "If you are using Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), or Ubuntu 14.04 ESM (Trusty Tahr) on a computer powered by an Intel CPU, you must update the intel-microcode packages to version 3.20190514.0 as soon as possible, as well as to install the latest available Linux kernel package for your Ubuntu version."

Peppermint 10 was released recently. The main changes include kernel 4.18.0-18 (which will eventually roll onto the 5.xx kernel automatically), updated xorg stack, proprietary NVIDIA drivers are now installed automatically, and more. See the full release notes for more information. You can download Peppermint from here.

Guardian Digital, the open-source email security provider, is celebrating "20 years of revolutionizing email security using the power of Open Source". In honor of this anniversary, it is "offering 20% off EnGarde Email Security Gateway to businesses that sign up for a free trial during June 2019." Go here for more information on the Guardian Digital EnGarde Email Security Gateway.

News ZFS On Linux BlackArch Linux Security Canonical Intel Ubuntu Peppermint email Guardian Digital

Knot DNS: One Tame and Sane Authoritative DNS Server

Friday 24th of May 2019 12:30:00 PM
by Thomas Golden

How to install and minimally configure Knot to act as your home lab's local domain master and slave servers.

If you were a regular viewer of the original Saturday Night Live era, you will remember the Festrunks, two lewd but naïve Czech brothers who were self-described "wild and crazy guys!" For me, Gyorg and Yortuk (plus having my binomial handed to me by tests designed by a brilliant Czech professor at the local university's high-school mathematics contests) were the extent of my knowledge of the Czech Republic.

I recently discovered something else Czech, and it's not wild and crazy at all, but quite tame and sane, open-source and easy to configure. Knot DNS is an authoritative DNS server written in 2011 by the Czech CZ.NIC organization. They wrote and continue to maintain it to serve their national top-level domain (TLD) as well as to prevent further extension of a worldwide BIND9 software monoculture across all TLDs. Knot provides a separate fast caching server and resolver library alongside its authoritative server.

Authoritative nameserver and caching/recursive nameserver functions are separated for good reason. A nameserver's query result cache can be "poisoned" by queries that forward to malicious external servers, so if you don't allow the authoritative nameserver to answer queries for other domains, it cannot be poisoned and its answers for its own domain can be trusted.

A software monoculture means running identical software like BIND9 everywhere rather than different software providing identical functionality and interoperability. This is bad for the same reasons we eventually will lose our current popular species of banana—being genetically identical, all bananas everywhere can be wiped out by a single infectious agent. As with fruit, a bit of genetic diversity in critical infrastructure is a good thing.

In this article, I describe how to install and minimally configure Knot to act as your home lab's local domain master and slave servers. I will secure zone transfer using Transaction Signatures (TSIG). Although Knot supports DNSSEC, I don't discuss it here, because I like you and want you to finish reading before we both die of old age. I assume you already know what a DNS zone file is and what it looks like.

Go to Full Article

GitHub Launches New Sponsors Tool, Total War: THREE KINGDOMS Is Out on Linux, IBM Announces Expansion of its IBM Watson Decision Platform for Agriculture, Elisa 0.4.0 Released and NASA Deploys Astrobee Robots Running Ubuntu on the Space Station

Thursday 23rd of May 2019 01:42:13 PM

News briefs for May 23, 2019.

GitHub launches a new tool called Sponsors that lets you make payments to open-source developers. Tech Crunch reports, that "Developers will be able to opt into having a 'Sponsor me' button on their GitHub repositories and open source projects will also be able to highlight their funding models, no matter whether that's individual contributions to developers or using Patreon, Tidelift, Ko-fi or Open Collective.

Feral Interactive announces that Total War: THREE KINGDOMS is out on Linux and macOS, the same day as the Windows release. The game was developed by Creative Assembly and is the first in the Total War series to be set in ancient China. It's available now from the Feral Interactive Store for $59.99, and you can watch the trailer here.

IBM announces global expansion of its IBM Watson Decision Platform for Agriculture. From the press release: "For the first time, IBM is providing a global agriculture solution that combines predictive technology with data from The Weather Company, an IBM Business, and IoT data to help give farmers around the world greater insights about planning, plowing, planting, spraying and harvesting."

Elisa 0.4.0 has been released. This version of the KDE community-developed music player has several new features, including improved grid views elements, support for libVLC and more. You can get it via the flathub package or the source code tarball.

NASA has deployed three "Astrobee" robots on the International Space Station to do house-keeping tasks. According to Linux Gizmos "the bots run Ubuntu/ROS and Android 7.1 on Snapdragon-based Inforce modules and a Wandboard and feature 3x payload bays, 6x cameras, and a touchscreen." The Astrobees are named Honey, Queen and Bumble. Linux Gizmos writes that their chief job "is to let astronauts remotely monitor equipment via the bots' cameras and mic while the they're working elsewhere on the ISS. They can also perform inventory and do other housekeeping chores, or act as a general-purpose floating touchscreen computer."

News GitHub gaming Feral Interactive IBM IOT AI Elisa KDE multimedia NASA Ubuntu Android

Crazy Compiler Optimizations

Thursday 23rd of May 2019 11:30:00 AM
by Zack Brown

Kernel development is always strange. Andrea Parri recently posted a patch to change the order of memory reads during multithreaded operation, such that if one read depended upon the next, the second could not actually occur before the first.

The problem with this was that the bug never could actually occur, and the fix made the kernel's behavior less intuitive for developers. Peter Zijlstra, in particular, voted nay to this patch, saying it was impossible to construct a physical system capable of triggering the bug in question.

And although Andrea agreed with this, he still felt the bug was worth fixing, if only for its theoretical value. Andrea figured, a bug is a bug is a bug, and they should be fixed. But Peter objected to having the kernel do extra work to handle conditions that could never arise. He said, "what I do object to is a model that's weaker than any possible sane hardware."

Will Deacon sided with Peter on this point, saying that the underlying hardware behaved a certain way, and the kernel's current behavior mirrored that way. He remarked, "the majority of developers are writing code with the underlying hardware in mind and so allowing behaviours in the memory model which are counter to how a real machine operates is likely to make things more confusing, rather than simplifying them!"

Still, there were some developers who supported Andrea's patch. Alan Stern, in particular, felt that it made sense to fix bugs when they were found, but that it also made sense to include a comment in the code, explaining the default behavior and the rationale behind the fix, even while acknowledging the bug never could be triggered.

But, Andrea wasn't interested in forcing his patch through the outstretched hands of objecting developers. He was happy enough to back down, having made his point.

It was actually Paul McKenney, who had initially favored Andrea's patch and had considered sending it up to Linus Torvalds for inclusion in the kernel, who identified some of the deeper and more disturbing issues surrounding this whole debate. Apparently, it cuts to the core of the way kernel code is actually compiled into machine language. Paul said:

We had some debates about this sort of thing at the C++ Standards Committee meeting last week.

Pointer provenance and concurrent algorithms, though for once not affecting RCU! We might actually be on the road to a fix that preserves the relevant optimizations while still allowing most (if not all) existing concurrent C/C++ code to continue working correctly. (The current thought is that loads and stores involving inline assembly, C/C++ atomics, or volatile get their provenance stripped. There may need to be some other mechanisms for plain C-language loads and stores in some cases as well.)

Go to Full Article

The Antergos Distro Is Ending, HP Linux Imaging and Printing Software Updated to Version 3.19.5, Kail Linux 2019.2 Is Out, Tails 3.14 Released and openSUSE 15.1 Leap Is Now Available

Wednesday 22nd of May 2019 01:53:47 PM

News briefs for May 22, 2019.

The Antergos Linux distro is calling it quits. The developers of the Arch-based distro say they no longer have time to maintain it properly, and are taking the action now while the code is still working in case other developers want to start their own projects with it. From the Antergos blog: "For existing Antergos users: there is no need to worry about your installed systems as they will continue to receive updates directly from Arch. Soon, we will release an update that will remove the Antergos repos from your system along with any Antergos-specific packages that no longer serve a purpose due to the project ending. Once that is completed, any packages installed from the Antergos repo that are in the AUR will begin to receive updates from there."

HP Linux Imaging and Printing (HPLIP) software has been updated to version 3.19.5 for Linux-based OSes. According to Softpedia News, this new release of the open-source and free print, scan and fax driver solution for HP printers and scanners supports "a plethora of new HP printers" (too many to list here), and it also brings support for several new distros, such as "Ubuntu 19.04 (Disco Dingo), Debian GNU/Linux 9.8, and Fedora 30". See the official HPLIP 3.19.5 Release Notes for more information.

Kali Linux announces its second release of the year, Kali Linux 2019.2. This release "brings our kernel up to version 4.19.28, fixes numerous bugs, includes many updated packages, and most excitingly, features a new release of Kali Linux NetHunter!" You can download it from here.

Tails 3.14 has been released. The release fixes many security issues, so you are urged to update as soon as possible. Some changes include an update to kernel 4.19.37, enabling "all available mitigations for the MDS (Microarchitectural Data Sampling) attacks and disable SMT (simultaneous multithreading) on all vulnerable processors to fix the RIDL, Fallout and ZombieLoad security vulnerabilities" and updating the Tor Browser to 8.5, among others.

openSUSE 15.1 Leap has been released. This release includes a huge number of new features, such as improved YaST functionality, an entirely new graphics stack update and much more. Go here to download the ISO image and see the openSUSE Wiki for more details on all of the new features in 15.1

News Antergos Distributions HP Kali Linux Tails openSUSE

Bringing the Benefits of Linux Containers to Operational Technology

Wednesday 22nd of May 2019 12:30:00 PM
by Pavan Singh

Linux container technology was introduced more than a decade ago and has recently jumped in adoption in IT environments. However, the OT (operational technology) environments, typically made up of heterogenous embedded systems, have lagged in the adoption of container technologies, due to both the unique technology requirements and the business models that relied on proprietary systems. In this article, I explore recent innovation in open-source offerings that are enabling the use of containers in OT use cases, such as industrial control systems, IoT gateways, medical devices, Radio Access Network (RAN) products and network appliances.

Enterprise IT leaders have adopted “cloud-native” computing architectures because of the innovation velocity and cost benefits derived by the approach. To leverage containers, developers segment applications into modular micro-services that enable flexible development and deployment models. These micro-services are then deployed as containers where the service itself is integrated with the required libraries and functions. On containerization, these application components have small footprints and fast speeds of deployment. The applications become highly portable across compute architectures due to the abstraction away from the hardware and the operating system.

The benefits of flexibility and the modularity offered by container-based architectures are fully realized when leveraged in conjunction with higher-level orchestration systems that can manage the containers throughout their entire lifecycle. Kubernetes, the leading open-source orchestration system for containers, has gained a lot of traction over the last few years. Initially developed by Google, the Kubernetes project is now maintained by the Cloud Native Compute Foundation (CNCF). CNCF is dedicated to reducing the friction around the adoption of cloud-native technologies and brings to bear a few key cloud-native projects, such as Kubernetes, Prometheus and Envoy. This is an example of an open-source organization that has fostered collaboration among the entire value chain – developers, end-users and vendors. Today’s CNCF membership includes significant technology brands, such as Amazon, Cisco, Google, Microsoft, Oracle, SAP and many others.

Containers and other cloud-native paradigms were initially developed with IT environments in mind. And as these technologies have matured and the capability of the cloud-native technologies increased, the OT decision-makers have taken notice. And as more developers get access to container technology, they are going through a journey of their own, albeit one that is different from the journey of the IT developers over the last decade.

Go to Full Article

Firefox 67.0 Released, ownCloud Announces New Server Version 10.2, Google Launches "Glass Enterprise Edition 2" Headset, Ubuntu Expands Its Kernel Uploader Team and Kenna Security Reports Almost 20% of Popular Docker Containers Have No Root Password

Tuesday 21st of May 2019 01:55:33 PM

News briefs for May 21, 2019.

Firefox 67.0 was released today. From the Mozilla blog: "Today's new Firefox release continues to bring fast and private together right at the crossroads of performance and security. It includes improvements that continue to keep Firefox fast while giving you more control and assurance through new features that your personal information is safe while you're online with us." You can download it from here, and see the release notes for details.

ownCloud announces its new server version 10.2, which introduces advanced sharing permissions, a secure view feature and automatic synchronization between federated clouds. From the press release: "the new server version of ownCloud focuses on more freedom and security in file distribution. The "Advanced Sharing Permissions" feature in particular provides developers with far-reaching options for implementing individual release functions at user and group level as well as providing data with special security settings."

Google has launched a "Glass Enterprise Edition 2" headset. According to Linux Gizmos, the new device has a "faster processor, longer battery life, improved camera and wireless features, and a reduced $999 price" compared with the previous Glass Enterprise Edition. It "runs Android Oreo on a faster, quad-core, 1.7GHz Snapdragon XR1 SoC with an 8MP camera, WiFi-ac, BT 5.x, a USB Type-C port, and longer battery life."

Ubuntu has expanded its Kernel Uploader Team. Phoronix reports that it's "a sign of the times with the Linux kernel being affected by an increasing number of CVEs (and particularly high profile ones at that), there are now more Ubuntu developers with upload rights for sending down new kernel upgrades." New to the Kernel Uploaders Team are Tyler Hicks, Juerg Haefliger and Khalid Elmously.

Kenna Security reports that "nearly 20% of the 1000 most popular Docker containers have no root password". Researcher Jerry Gamblin built a script to find null root Docker containers, available on GitHub that found some well known names: "govuk/governmentpaas, hashicorp, microsoft, monsanto, and mesosphere. kylemanna/openvpn is the most popular container on the list and it has over 10,000,000 pulls." He also notes that "The findings are interesting, but I don't want to be overly alarmist. Just because a container has no root password does not mean that it is automatically vulnerable. These findings could lead to configuration-based vulnerabilities in certain situations, as was the case with this the Alpine Linux vulnerability."

News Firefox Mozilla Privacy OwnCloud Google Ubuntu kernel Docker

WebAuthn Web Authentication with YubiKey 5

Tuesday 21st of May 2019 12:00:00 PM
by Todd A. Jacobs

A look at the recently released YubiKey 5 hardware authenticator series and how web authentication with the new WebAuthn API leverages devices like the YubiKey for painless website registration and strong user authentication.

I covered the YubiKey 4 in the May 2016 issue of Linux Journal, and the magazine has published a number of other articles on both YubiKeys and other forms of multi-factor authentication since then. Yubico recently has introduced the YubiKey 5 line of products. In addition to the YubiKey's long-time support of multiple security protocols, the most interesting feature is the product's new support for FIDO2 and WebAuthn.

WebAuthn is an application programming interface (API) for web authentication. It uses cryptographic "authenticators", such as a YubiKey 5 hardware token to authenticate users, in addition to (or even instead of) a typical user name/password combination. WebAuthn is currently a World Wide Web Consortium (W3C) candidate recommendation, and it's already implemented by major browsers like Chrome and Firefox.

This article provides an overview of the YubiKey 5 series, and then goes into detail about how the WebAuthn API works. I also look at how hardware tokens, such as the YubiKey 5 series, hide the complexity of WebAuthn from users. My goal is to demonstrate how easy it is to use a YubiKey to register and authenticate with a website without having to worry about the underlying WebAuthn API.

About the YubiKey 5 Series

The YubiKey 5 series supports a broad range of two-factor and multi-factor authentication protocols, including:

  • Challenge-response (HMAC-SHA1 and Yubico OTP).
  • Client to Authenticator Protocol (CTAP).
  • FIDO Universal 2nd-Factor authentication (U2F).
  • FIDO2.
  • Open Authorization, HMAC-Based One-Time Password (OATH-HOTP).
  • Open Authorization, Time-Based One-Time Password (OATH-TOTP).
  • OpenPGP.
  • Personal Identity Verification (PIV).
  • Web Authentication (WebAuthn).
  • Yubico One-Time Password (OTP).

In addition, the entire YubiKey 5 series (with the exception of the U2F/FIDO2-only Security Key model) now supports OpenPGP public key cryptography with RSA key sizes up to 4096 bits. This is a notable bump from the key sizes supported by some earlier models. Yubico's OpenPGP support also includes an additional slot for an OpenPGP authentication key for use within an SSH-compatible agent, such as GnuPG's gpg-agent.

Figure 1. YubiKey 5 Series

Go to Full Article

Kernel 5.2-rc1 Is Out, Xfce 4.14 Pre-Release Now Available, Microsoft Open-Sources Its SPTAG Algorithm, South Korean Government Switching to Linux and Arduino Launches Four New Nano Boards

Monday 20th of May 2019 01:58:43 PM

News briefs for May 20, 2019.

Linux kernel 5.2-rc1 is out. Linus Torvalds writes: "Things look fairly normal. Just about two thirds of the patch is drivers (all over), with the bulk of the rest being arch updates, tooling, documentation and vfs/filesystem updates, of which there were more than usual (the unicode tables for ext4 case insensitivity do end up being a big part of the "bulk" side). But there's core networking, kernel and vm changes too - it's just that the other areas tend to simply be much bulkier."

The the first pre-release of Xfce 4.14 is now available. Simon Steinbeiß's blog post covers only the changes in the latest development release, as the Xfce 4.12 was four years ago. Highlights include FailSafeSession has been fixed, improvements to vertical blanking support, a new colord front end was added, and much more.

Microsoft recently released its SPTAG algorithm as MIT-licensed open source on GitHub. Ars Technica reports that this algorithm is part of what gives Bing its smarts, noting that "Developers can use this algorithm to search their own sets of vectors and do so quickly: a single machine can handle 250 million vectors and answer 1,000 queries per second." This release is part of the company's effort to "Democratize AI".

The South Korean government plans to switch to Linux as the end of Windows 7 support nears. According to ZDNet, "the nation's Interior Ministry last week announced plans for a potentially major Linux deployment as part of a plan to cut tech costs and reduce its reliance on a single operating system. It's not known what mix of Windows 7 and Windows 10 the Korean government currently uses, however the plan to adopt Linux more widely comes as organizations around the world prepare for the end of Windows 7 support on January 14, 2020."

The Arduino team announced the launch of four new Nano boards: Arduino Nano Every, "perfect for everyday projects"; Arduino Nano 33 IoT, "small, secure, and Internet-connected"; Arduino Nano 33 BLE, "small, low-power, and Bluetooth-connected"; and Arduino Nano BLE Sense, "small, low-power, and Bluetooth-connected with a wide range of on-board sensors". The boards start at just $9.90 for the Nano Every. Arduino co-founder Massimo Banzi commented that the new Nanos "are for those millions of makers who love using the Arduino IDE for its simplicity and open source aspect, but just want a great value, small and powerful board they can trust for their compact projects".

News kernel XFCE Microsoft Machine Learning AI Arduino Government open source

Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network

Monday 20th of May 2019 11:00:00 AM
by Petros Koutoupis

By design, NVMe drives are intended to provide local access to the machines they are plugged in to; however, the NVMe over Fabric specification seeks to address this very limitation by enabling remote network access to that same device.

This article puts into practice what you learned in Part I and shows how to use NVMe drives in a Linux environment. But, before continuing, you first need to make sure that your physical (or virtual) machine is up to date. Once you verify that to be the case, make sure you're able to see all connected NVMe devices:

$ cat /proc/partitions |grep -e nvme -e major major minor #blocks name 259 0 3907018584 nvme2n1 259 1 3907018584 nvme3n1 259 2 3907018584 nvme0n1 259 3 3907018584 nvme1n1

Those devices also will appear in sysfs:

$ ls /sys/block/|grep nvme nvme0n1 nvme1n1 nvme2n1 nvme3n1

If you don't see any connected NVMe devices, make sure the kernel module is loaded:

petros@ubu-nvme1:~$ lsmod|grep nvme nvme 32768 0 nvme_core 61440 1 nvme

Next, install the drive management utility called nvme-cli. This utility is defined and maintained by the very same NVM Express committee that defined the NVMe specification. The nvme-cli source code is hosted on GitHub. Fortunately, some operating systems offer this package in their internal repositories. Installing it on the latest Ubuntu looks something like this:

petros@ubu-nvme1:~$ sudo add-apt-repository universe petros@ubu-nvme1:~$ sudo apt update && sudo apt install ↪nvme-cli

Using this utility, you're able to list more details of all connected NVMe drives (note: the tabular output below has been reformatted and truncated to better fit here):

Go to Full Article

Hewlett Packard Enterprise to Buy Cray, ManagedKube Launches k8sBot, Purism's Librem One Suite Surpasses Crowdfunding Goal, Cloudflare Announces Support of BinaryAST and the Zombieload Intel Processor Vulnerability

Friday 17th of May 2019 01:54:42 PM

News briefs for Friday, May 17, 2019.

Hewlett Packard Enterprise to buy Supercomputer-maker Cray. Bloomberg reports that the deal is "valued at about $1.4 billion as the firm works to become more competitive in high-end computing", and "Cray investors will get $35 a share in cash".

ManagedKube launches k8sBot, "an app that provides a point-and-click user interface for Kubernetes in Slack", available on the Google Cloud Platform (GCP) Marketplace. From the press release: "Companies can now ensure that all their team members have access to Kubernetes information. ManagedKube's k8sBot provides an easy-to-use interface in Slack so users can retrieve pod status, get pod logs, and get real-time troubleshooting recommendations with just one click. DevOps teams can get more done with k8sBot by easily sharing Kubernetes information in Slack, where team discussions are already happening, and automating DevOps support by democratizing access to Kubernetes information." You can install ManagedKube's k8sBot from here.

Purism's Librem One Suite surpasses its Crowdfunding goal after two weeks, demonstrating the "demand for ethical alternatives to Big Tech as data privacy snafus continue to plague users on a weekly basis". The Librem One Suite includes "end-to-end encrypted chat, end-to-end encrypted mail, and end-to-end encrypted VPN, as well as an open public social network. More services, such as end-to-end encrypted cloud storage, payments, and phone service, will be built in the future and added to the bundle. All current and future services in Librem One have no ads, do not track users, do not look at, sell, or share anything people create or send, and are available on popular platforms like Android and iOS." See Founder and CEO Todd Weaver's blog post 5000 Happy Librem One Users!" for more details.

Cloudflare this morning announces its support of BinaryAST. From the press release: "BinaryAST is a new over-the-wire format for JavaScript proposed and actively developed by Mozilla that aims to speed up parsing while keeping the semantics of the original JavaScript intact." See also the Cloudflare blog post "Faster script loading with BinaryAST" and VentureBeat's "Cloudflare-supported BinaryAST promises dramatically faster JavaScript apps" for more information.

Researchers have discovered another Intel processor vulnerability called Zombieload. According to ZDNet, "The researchers have shown a Zombieload exploit that can look over your virtual shoulder to see the websites you're visiting in real-time. Their example showed someone spying on another someone using the privacy-protecting Tor Browser running inside a virtual machine (VM)." But there's some good news: "To defend yourself, your processor must be updated, your operating system must be patched, and for the most protection, Hyper-Threading disabled. When Meltdown and Spectre showed up, the Linux developers were left in the dark and scrambled to patch Linux. This time, they've been kept in the loop."

News Hewlett Packard Enterprise supercomputing Cray ManagedKube k8sBot Kubernetes Purism Librem One Security Privacy Cloudflare BinaryAST Mozilla Zombieload Intel

FOSS Project Spotlight: Bareos, a Cross-Network, Open-Source Backup Solution

Friday 17th of May 2019 12:00:00 PM
by Heike Jurzik a…

Bareos (Backup Archiving Recovery Open Sourced) is a cross-network, open-source backup solution that preserves, archives and recovers data from all major operating systems. The Bareos project started 2010 as a Bacula fork and is now being developed under the AGPLv3 license.

The client/server-based backup solution is actually a set of computer programs (Figure 1) that communicate over the network: the Bareos Director (BD), one or more Storage Dæmons (SD) and the File Dæmons (FD). Due to this modular design, Bareos is scalable—from single computer systems (where all components run on one machine) to large infrastructures with hundreds of computers (even in different geographies).

Figure 1. A Typical Bareos Setup: Director (with Database), File Dæmon(s), Storage Dæmon(s) and Backup Media

The director is the central control unit for all other dæmons. It manages the database (catalog), the connected clients, the file sets (they define which data Bareos should back up), the configuration of optional plugins, before and after jobs (programs to be executed before or after a backup job), the storage and media pool, schedules and the backup jobs. Bareos Director runs as a dæmon.

The catalog maintains a record of all backup jobs, saved files and volumes used. Current Bareos versions support PostgreSQL, MySQL and SQLite, with PostgreSQL being the preferred database back end.

The File Dæmon (FD) must be installed on every client machine. It is responsible for the backup as well as the restore process. The FD receives the director's instructions, executes them and transmits the data to the Bareos Storage Dæmon. Bareos offers pre-packed file dæmons for many popular operating systems, such as Linux, FreeBSD, AIX, HP-UX, Solaris, Windows and macOS. Like the director, the FD runs as a dæmon in the background.

The Storage Dæmon (SD) receives data from one or more File Dæmons (at the director's request). It stores the data (together with the file attributes) on the configured backup medium. Bareos supports various types of backup media, as shown in Figure 1, including disks, tape drives and even cloud storage solutions. During the restore process, the SD is responsible for sending the correct data back to the FD(s). The Storage Dæmon runs as a dæmon on the machine handling the backup device(s).

Backup Jobs

A backup job defines what to back up (FileSet directive for the client), when to back up (schedule) and where to back up (for example, on a disk, tape, etc.). Bareos is quite flexible, and you can mix different directives. So you can have different job definitions (resources), backing up different machines, but using the same schedule, the same FileSet and even the same backup medium.

Go to Full Article

IPFire 2.23 - Core Update 131 Has a New Intrusion Prevention System, The Linux Foundation Launches the Urban Computing Foundation, the Atomic Pi Hits Retail, IBM to Expand Its "New Collar" Program to France, and New Capabilities and Services for IBM Z

Thursday 16th of May 2019 01:42:56 PM

News briefs for May 16, 2019.

IPFire 2.23 - Core Update 131 has been released. This release brings a new Intrusion Prevention System that makes your networks "more secure by deeply inspecting packets and trying to identify threats". See the IPFire blog for more details and instructions on how to migrate to the new IPS.

The Linux Foundation announces the formation of the Urban Computing Foundation "to accelerate open source software that improves mobility, safety, road infrastructure, traffic congestion and energy consumption in connected cities. Initial contributors include developers from Uber, Facebook, Google, HERE Technologies, IBM, Interline Technologies, Senseable City Labs, StreetCred Labs and University of California San Diego (UCSD)." The Foundation's first project is kepler.gl, "an open-source geospatial analysis tool created by Uber for building large-scale data sets".

The Atomic Pi has recently hit retail channels after its successful Kickstarter campaign (although it's currently sold out). Phoronix reports that the $35 Atomic Pi "offers an Intel Atom x5-Z8350 quad-core, 2GB DDR3L-1600 memory, 16GB eMMC, SD slot, USB 3.0/2.0 ports, 802.11ac WiFI, Bluetooth 4.0, and Gigabit Ethernet". The article also notes that "It's quite a board for the price and to compete with the likes of the Raspberry Pi." Go to Digital Loggers for more information.

IBM announces it will expand its "New Collar" program into France, "s part of a commitment to help prepare the French workforce for the business and social transformation being driven by hybrid cloud, digital and AI technologies." IBM plans to launch P-TECH schools in France to "provide technical and professional educational opportunities to young people, primarily from disadvantaged backgrounds". It also is launching "SkillsBuild, a new digital platform, which provides job seekers—including those returning to work after leave, the long-term unemployed, migrants, veterans and those changing professions—with the digital content, personalized coaching and experiential learning they need to gain technical and professional skills required to re-enter the workforce." Read the press release for more details.

In other IBM news, IBM this week announced new services and capabilities for IBM Z. One new feature is Tailored Fit Pricing, which is "pricing adjusts with usage, removing the need for complex and restrictive capping, and includes aggressive pricing for growth". The other new feature is IBM z/OS Container Extensions: "With z/OS Container Extensions, customers will be able to access the most recent development tools and processes available in Linux on the Z ecosystem, giving developers the flexibility to build new, cloud-native containerized apps and deploy them on z/OS without requiring Linux or a Linux partition."

News IPFire Security The Linux Foundation Urban Computing Foundation Atomic Pi SBCs IBM

More in Tux Machines

LWN: Spectre, Linux and Debian Development

  • Grand Schemozzle: Spectre continues to haunt

    The Spectre v1 hardware vulnerability is often characterized as allowing array bounds checks to be bypassed via speculative execution. While that is true, it is not the full extent of the shenanigans allowed by this particular class of vulnerabilities. For a demonstration of that fact, one need look no further than the "SWAPGS vulnerability" known as CVE-2019-1125 to the wider world or as "Grand Schemozzle" to the select group of developers who addressed it in the Linux kernel. Segments are mostly an architectural relic from the earliest days of x86; to a great extent, they did not survive into the 64-bit era. That said, a few segments still exist for specific tasks; these include FS and GS. The most common use for GS in current Linux systems is for thread-local or CPU-local storage; in the kernel, the GS segment points into the per-CPU data area. User space is allowed to make its own use of GS; the arch_prctl() system call can be used to change its value. As one might expect, the kernel needs to take care to use its own GS pointer rather than something that user space came up with. The x86 architecture obligingly provides an instruction, SWAPGS, to make that relatively easy. On entry into the kernel, a SWAPGS instruction will exchange the current GS segment pointer with a known value (which is kept in a model-specific register); executing SWAPGS again before returning to user space will restore the user-space value. Some carefully placed SWAPGS instructions will thus prevent the kernel from ever running with anything other than its own GS pointer. Or so one would think.

  • Long-term get_user_pages() and truncate(): solved at last?

    Technologies like RDMA benefit from the ability to map file-backed pages into memory. This benefit extends to persistent-memory devices, where the backing store for the file can be mapped directly without the need to go through the kernel's page cache. There is a fundamental conflict, though, between mapping a file's backing store directly and letting the filesystem code modify that file's on-disk layout, especially when the mapping is held in place for a long time (as RDMA is wont to do). The problem seems intractable, but there may yet be a solution in the form of this patch set (marked "V1,000,002") from Ira Weiny. The problems raised by the intersection of mapping a file (via get_user_pages()), persistent memory, and layout changes by the filesystem were the topic of a contentious session at the 2019 Linux Storage, Filesystem, and Memory-Management Summit. The core question can be reduced to this: what should happen if one process calls truncate() while another has an active get_user_pages() mapping that pins some or all of that file's pages? If the filesystem actually truncates the file while leaving the pages mapped, data corruption will certainly ensue. The options discussed in the session were to either fail the truncate() call or to revoke the mapping, causing the process that mapped the pages to receive a SIGBUS signal if it tries to access them afterward. There were passionate proponents for both options, and no conclusion was reached. Weiny's new patch set resolves the question by causing an operation like truncate() to fail if long-term mappings exist on the file in question. But it also requires user space to jump through some hoops before such mappings can be created in the first place. This approach comes from the conclusion that, in the real world, there is no rational use case where somebody might want to truncate a file that has been pinned into place for use with RDMA, so there is no reason to make that operation work. There is ample reason, though, for preventing filesystem corruption and for informing an application that gets into such a situation that it has done something wrong.

  • Hardening the "file" utility for Debian

    In addition, he had already encountered problems with file running in environments with non-standard libraries that were loaded using the LD_PRELOAD environment variable. Those libraries can (and do) make system calls that the regular file binary does not make; the system calls were disallowed by the seccomp() filter. Building a Debian package often uses FakeRoot (or fakeroot) to run commands in a way that appears that they have root privileges for filesystem operations—without actually granting any extra privileges. That is done so that tarballs and the like can be created containing files with owners other than the user ID running the Debian packaging tools, for example. Fakeroot maintains a mapping of the "changes" made to owners, groups, and permissions for files so that it can report those to other tools that access them. It does so by interposing a library ahead of the GNU C library (glibc) to intercept file operations. In order to do its job, fakeroot spawns a daemon (faked) that is used to maintain the state of the changes that programs make inside of the fakeroot. The libfakeroot library that is loaded with LD_PRELOAD will then communicate to the daemon via either System V (sysv) interprocess communication (IPC) calls or by using TCP/IP. Biedl referred to a bug report in his message, where Helmut Grohne had reported a problem with running file inside a fakeroot.

Flameshot is a brilliant screenshot tool for Linux

The default screenshot tool in Ubuntu is alright for basic snips but if you want a really good one you need to install a third-party screenshot app. Shutter is probably my favorite, but I decided to give Flameshot a try. Packages are available for various distributions including Ubuntu, Arch, openSuse and Debian. You find installation instructions on the official project website. Read more

Android Leftovers

IBM/Red Hat and Intel Leftovers

  • Troubleshooting Red Hat OpenShift applications with throwaway containers

    Imagine this scenario: Your cool microservice works fine from your local machine but fails when deployed into your Red Hat OpenShift cluster. You cannot see anything wrong with the code or anything wrong in your services, configuration maps, secrets, and other resources. But, you know something is not right. How do you look at things from the same perspective as your containerized application? How do you compare the runtime environment from your local application with the one from your container? If you performed your due diligence, you wrote unit tests. There are no hard-coded configurations or hidden assumptions about the runtime environment. The cause should be related to the configuration your application receives inside OpenShift. Is it time to run your app under a step-by-step debugger or add tons of logging statements to your code? We’ll show how two features of the OpenShift command-line client can help: the oc run and oc debug commands.

  • What piece of advice had the greatest impact on your career?

    I love learning the what, why, and how of new open source projects, especially when they gain popularity in the DevOps space. Classification as a "DevOps technology" tends to mean scalable, collaborative systems that go across a broad range of challenges—from message bus to monitoring and back again. There is always something new to explore, install, spin up, and explore.

  • How DevOps is like auto racing

    When I talk about desired outcomes or answer a question about where to get started with any part of a DevOps initiative, I like to mention NASCAR or Formula 1 racing. Crew chiefs for these race teams have a goal: finish in the best place possible with the resources available while overcoming the adversity thrown at you. If the team feels capable, the goal gets moved up a series of levels to holding a trophy at the end of the race. To achieve their goals, race teams don’t think from start to finish; they flip the table to look at the race from the end goal to the beginning. They set a goal, a stretch goal, and then work backward from that goal to determine how to get there. Work is delegated to team members to push toward the objectives that will get the team to the desired outcome. [...] Race teams practice pit stops all week before the race. They do weight training and cardio programs to stay physically ready for the grueling conditions of race day. They are continually collaborating to address any issue that comes up. Software teams should also practice software releases often. If safety systems are in place and practice runs have been going well, they can release to production more frequently. Speed makes things safer in this mindset. It’s not about doing the “right” thing; it’s about addressing as many blockers to the desired outcome (goal) as possible and then collaborating and adjusting based on the real-time feedback that’s observed. Expecting anomalies and working to improve quality and minimize the impact of those anomalies is the expectation of everyone in a DevOps world.

  • Deep Learning Reference Stack v4.0 Now Available

    Artificial Intelligence (AI) continues to represent one of the biggest transformations underway, promising to impact everything from the devices we use to cloud technologies, and reshape infrastructure, even entire industries. Intel is committed to advancing the Deep Learning (DL) workloads that power AI by accelerating enterprise and ecosystem development. From our extensive work developing AI solutions, Intel understands how complex it is to create and deploy applications for deep learning workloads. That?s why we developed an integrated Deep Learning Reference Stack, optimized for Intel Xeon Scalable processor and released the companion Data Analytics Reference Stack. Today, we?re proud to announce the next Deep Learning Reference Stack release, incorporating customer feedback and delivering an enhanced user experience with support for expanded use cases.

  • Clear Linux Releases Deep Learning Reference Stack 4.0 For Better AI Performance

    Intel's Clear Linux team on Wednesday announced their Deep Learning Reference Stack 4.0 during the Linux Foundation's Open-Source Summit North America event taking place in San Diego. Clear Linux's Deep Learning Reference Stack continues to be engineered for showing off the most features and maximum performance for those interested in AI / deep learning and running on Intel Xeon Scalable CPUs. This optimized stack allows developers to more easily get going with a tuned deep learning stack that should already be offering near optimal performance.