Language Selection

English French German Italian Portuguese Spanish

January 2020

today's leftovers

Filed under
  • Cloud is starting to smell a lot like legacy tech

    Cloud is already starting to smell a lot like legacy technology.

    That may seem an odd thing to suggest, but Amazon Web Services (AWS) has just made it plain by citing customer demand for extending support for its oldest Linux.

    AWS introduced its Linux, the Amazon Linux AMI, in September 2010. It did so for the oldest of reasons: it wanted an OS nicely-integrated with its own hardware, the same rationale that powered generations of minicomputers!

    The Linux AMI received rolling updates every six months and earlier versions could be updated or bug fixes incorporated into older versions. The last updated landed in early 2018.

    The AMI was replaced by Amazon Linux 2, a newer cut of the open source OS better-suited to its more recent innovations.

  • There Is Experimental Patches Providing Support For DXIL Shaders With VKD3D

    The Wine project's VKD3D initiative for translating Direct3D 12 support to Vulkan took another step forward today with patches for handling DXIL (Shader Model 6.0+) shaders with VKD3D, but the work in the current form may need to be re-worked.

    DXIL is the DirectX Intermediate Language that can be generated out of the conventional HLSL shaders. DXIL support as open-source has been apart of Microsoft's DirectXShaderCompiler in the path to ultimately an LLVM-based compiler. This works with Shader Model 6.0 and newer for DirectX 12.

  • Mesa 20.0's RADV Driver Deems Navi/GFX10 Stable, Vulkan 1.2 In Good Shape, ACO Fixes

    With Mesa 20.0 scheduled for branching today (though that could be delayed a few days potentially depending upon last minute requests), there's been a flurry of Radeon Vulkan "RADV" driver activity to squeeze into this first Mesa release series of 2020.


    While contingent upon the number of Mesa 20.0 release candidates ultimately needed, Mesa 20.0 stable should be out around the end of February.

  • Solus OS 4.1 Gnome Run Through

    In this video, we are looking at Solus OS 4.1 Gnome.

  • Jonathan McDowell: Hardware, testing and time

    This week I fixed a bug that dated back to last May. It was in a piece of hardware I assembled, running firmware I wrote most of. And it had been in operation since May without me noticing the issue.

    What was the trigger that led to me discovering the bug’s existence? The colder temperatures. See, the device in question is a Digispark/433MHz receiver/USB serial dongle combo that listens for broadcasts from a Digoo DG-R8H wireless temperature/humidity weather station monitor. This is placed outside, giving me external temperature data to feed into my home automation setup.

    The thing is, while Belfast is often cold and wet, it’s rarely really cold. So up until recently the fact I never saw sub-zero temperatures reported could just be attributed to the fact the sensor is on a window sill and the house probably has enough residual heat and it’s sheltered enough that it never actually got below zero. And then there were a few days where it obviously did and that wasn’t reflected in the results and so I scratched my head and dug out the code.

    It was obvious when I looked what the issue was; I made no attempt to try and deal with negative temperatures. My excuse for this is that my DS18B20 1-Wire temperature sensor code didn’t make any attempt to deal with negative temperatures either - it didn’t need to, as those are all deployed inside my home and if the temperature gets towards zero the heating is turned on. So first mistake; not thinking about the fact the external sensor was going to have a different set of requirements/limits than the internal one.

  • Debian package updates Digikam (6.4 and 7), Elixir, Kitty, Certbot

    I have updated some of the Debian packages distributed at, the complete list as of now is as below.

  • Microsoft Releases Surface Duo SDK On MacOS And Linux [Ed: ...and sooner or later they'll brick it or sabotage it some other way]
  • Neil Young Says the MacBook Pro Has 'Fisher-Price' Audio Quality

    Neil Young has some harsh words to describe Apple’s MacBook Pro audio quality. The long-time proponent of hi-res audio assailed the laptop for having ‘Fisher-Price’ quality audio.

Fedora and Red Hat: Good and Bad

Filed under
Red Hat
  • Fedora Magazine: 4 cool new projects to try in COPR for January 2020

    COPR is a collection of personal repositories for software that isn’t carried in Fedora. Some software doesn’t conform to standards that allow easy packaging. Or it may not meet other Fedora standards, despite being free and open source. COPR can offer these projects outside the Fedora set of packages. Software in COPR isn’t supported by Fedora infrastructure or signed by the project. However, it can be a neat way to try new or experimental software.

    This article presents a few new and interesting projects in COPR. If you’re new to using COPR, see the COPR User Documentation for how to get started.

  • Robbie Harwood: Fedora Has Too Many Security Bugs

    I don't work on Fedora security directly, but I do maintain some crypto components. As such, I have my own opinions about how things ought to work, which I will refrain from here. My intent is to demonstrate the problem so that the project can discuss solutions.

    To keep this easy to follow, my data and process is in a section at the end; curious readers should be able to double-check me.

  • Vague proposal: ship prebuilt initramfs images

    Measured boot involves generating cryptographic measurements of boot components and configuration and using that to either control access to a local secret (in the case of sealing secrets to a TPM) or proving to another device (eg, a remote server or a local phone) what was booted. We're shipping most of the infrastructure to do this, but we're still left with a pretty fundamental problem - we need to know what the expected values are in order to know whether something's been tampered with or not. For many components this isn't a huge problem (we build and distribute the files - users can extract them and calculate the appropriate measurements, and maybe long term we'll be able to ship the measurements in a digestable way), but our initramfs images are generated on the user system and include system-specific data. This makes it impractical to know the expected measurements in advance. I've been thinking about ways to solve this for a while, and I'm coming to the conclusion that the best plan is probably to just ship pre-built initramfs images. I can think of three main reasons to want to use system-specific images: 1) They're smaller. By default we're already generating a generic image for rescue purposes, so disk space isn't the concern here - we're largely looking at losing boot speed. As machines have got faster this is probably not a huge deal. 2) They contain machine-specific configuration. Some of this can be passed on the kernel command line instead (eg, the machine ID), but we'd need answers for the rest. I can think of a couple of solutions: a) Stick the config in UEFI variables. It's small enough that we wouldn't run out. Cool Extend grub to read some config files and synthesise an initramfs image for them. If we measure the paths that those images use then we don't need to worry about the contents as long as the tools that read the config can't be subverted via that configuration. 3) User customisation, such as including extra tooling. grub supports loading multiple initramfs images. Packages that right now install stuff in the initramfs could instead ship a prebuilt image that grub could append to the main initramfs. This would allow for things like overriding Plymouth themes, and we could ship the measurements for these pre-built images in order to allow them to be validated. Any thoughts on this?

  • Fedora Stakeholders Discuss Possibility Of Using Pre-Built Initramfs Images

    Another alternative to slow initramfs generation could be distributing pre-built initramfs images to users. An additional benefit of that is possibly better security with measured boot capabilities, a matter currently being discussed by Fedora stakeholders.

    Fedora from time-to-time has brought up the topic of using pre-built initramfs images and that happened again last week by former Red Hat employee turned Googler Matthew Garrett. He brought up a possible proposal to ship prebuilt initramfs images in the name of better security with measured boot.

  • RHEL 8 Still Vulnerable to “Magellan 2” SQLite Bugs, as Patches Drop

    Severe bugs in the ubiquitous SQLite engine – used in thousands of software applications – continue to pose a major security threat, security researchers say, with Red Hat admitting today that its flagship Red Hat Enterprise Linux (RHEL) 8 remains vulnerable, despite patching other products this week.

    Red Hat said in a security update it had now inoculated RHEL 7 and its “RHEL 8.0 Update Services for SAP Solutions”, but RHEL 8 itself remains affected by one of the vulnerabilities, first disclosed to the Chromium team by China’s Tencent Blade – which dubbed them “Magellan 2.0” – in October 2019.

  • Communication superstars: A model for understanding your organization's approach to new technologies

    The Open Organization Ambassadors have learned a great deal about the ways open principles are impacting organizational practices. In particular, we've developed an Open Organization Definition that specifies the five principles that distinguish open organizations from other types of organization—namely, more transparency, more inclusivity, greater adaptability, deeper collaboration and a sense of purpose teams/community. I've also delivered a presentation on this topic several times since 2016 and learned new insights along the way. So I'd like to update this article with a few comments that reflect those findings. And then, in a follow-up article, I'd like to offer readers some guidelines on how they can determine their organization's level of comfort with communication technology and use it to increase their success relative to industry competitors.

Mark Shuttleworth Talks, Ubuntu's Zsys Developed on Microsoft Servers

Filed under
  • Mark Shuttleworth 2020 Prediction

    Here are the predictions by Canonical founder.

  • Ubuntu's Zsys Tool For Enhancing The ZFS On Linux Experience Now Supports Snapshots

    One of the work items we have been keen to monitor during the Ubuntu 20.04 LTS development cycle is tracking the happenings around Zsys, the Ubuntu/Canonical led utility for helping to administer ZFS On Linux systems. In ending out January, Zsys now has more functionality in tow.

    The latest with Zsys as of this week for the Golang-written daemon and user-space utility is zsysctl save for saving the current user state (snapshot) by default but also options for saving the complete system state and all users and another option for saving the state of specified users.

OSS Leftovers

Filed under
  • Cephalocon 2020 sessions to look out for

    March is a busy month in the open source calendar, with not just SUSECON occurring in Dublin, Ireland, but also the Ceph community congregating on the city of Seoul in South Korea for the ever popular Cephalocon conference. The global Ceph community is very vibrant, and where better to hold the annual get together for lovers of the industry-leading, open source software-defined storage technology than the high-tech metropolis that is Seoul?

  • Philip Withnall: Interested in a GUADEC remote attendance party in the UK, July 2020?

    GUADEC is in Mexico this year, which is great! This means that, for once, the tables are turned and people in Europe will get to experience what everyone in the rest of the world normally experiences for GUADEC: long travel times. That’s no bad thing, but I suspect it means there’ll be more people from Europe who are taking a break from GUADEC this year.

    I don’t want to travel to GUADEC, but do want to keep up with the conference and see people. So I’m looking at organising a UK remote attendance party for GUADEC, where anyone who isn’t going to Mexico is welcome to come along for a few days, follow the conference remotely, hack together, and socialise together.

  • Journal transparency index will be ‘alternative’ to impact scores

    A new ranking system for academic journals measuring their commitment to research transparency will be launched next month – providing what many believe will be a useful alternative to journal impact scores.

    Under a new initiative from the Center for Open Science, based in Charlottesville, Virginia, more than 300 scholarly titles in psychology, education and biomedical science will be assessed on 10 measures related to transparency, with their overall result for each category published in a publicly available league table.

    The centre aims to provide scores for about 1,000 journals within six to eight months of their site’s launch in early February.

  • The need for adversarial tech-interoperability legislation

    In the words of Cory Doctorow: ?Interoperability is the act of making a new product or service work with an existing product or service?. The tech market has moved further and further away from interoperable standards in favor of vendor-lock-in or ?silos? over the last decade.

    I?ll discuss file hosting services to explain the problem with the lack of interoperable standards and argue for the need for legislation to ensure such interoperability.

    Let?s look at this app-integration with commercial file hosting providers targeted at consumers as an example. The big players in this space are Microsoft OneDrive, Google Drive, Apple iCloud, and Dropbox. There are dozens of more actors in this space.

    It?s common for all sorts of apps to integrate with one or more of these services to offer app-specific synchronization features. This is used to synchronize to-do lists, documents, and other app-specific data. A few large developers offer their own hosting services. However, many smaller app developers don?t want to take on the role of a file hosting provider. Instead, they build-in the option to synchronize using a third-party service.

  • Banks are finally embracing the Open Source movement

    Even though bank leaders are becoming convinced that leveraging open source technology is the future, banks will not transform over night to open source adepts. Just like introducing all other new technologies and methodologies, embracing open source software requires a cultural shift in the whole organization, which takes time and intensive change management.

  • Product Announcement: Chef Habitat 1.5 Now Available

    Chef Habitat provides automation capabilities for defining, packaging, and delivering applications to almost any environment with any operating system, on any platform. Over the last year, we’ve seen organizations like Alaska Airlines, Rakuten, Walmart, and Rizing address a broad range of application delivery automation challenges with Habitat. They’ve improved their developers’ productivity, reduced deployment failures, and are delivering applications consistently across a variety of platforms and technologies. 

FreeBSD Quarterly Report

Filed under
  • FreeBSD quarterly report for the period October 2019 - December 2019

    Here is the last quarterly status report for 2019. As you might remember from last report, we changed our timeline: now we collect reports the last month of each quarter and we edit and publish the full document the next month. Thus, we cover here the period October 2019 - December 2019.

    If you thought that the FreeBSD community was less active in the Christmas' quarter you will be glad to be proven wrong: a quick glance at the summary will be sufficient to see that much work has been done in the last months.

  • FreeBSD Had A Very Busy End Of Year 2019 With Numerous Advancements

    The FreeBSD project has issued their last quarterly status update for 2019.

    During Q4-2019 were many improvements to the FreeBSD project itself and related BSD ecosystem. Some of their happenings for Q4 included:

    - Delivering the successful FreeBSD 12.1-RELEASE in early November.

    - Support for newer Intel WiFi chipsets. As part of that, WiFi now works on the Lenovo ThinkPad X1 Carbon 7th Gen laptop which is the laptop FreeBSD Foundation is aiming for good BSD support.

Programming: LLVM. Java, JSON, Python and Bash

Filed under


  • AMD Zen 2 "Znver2" Optimizations With LLVM Clang 10 Bring Some Improvements

    With LLVM Clang 10 having added a Zen 2 scheduler model tuned for the latest AMD CPUs over the existing "znver2" tuning that had just copied the Zen 1 scheduler, here are some benchmarks looking at the LLVM Clang 9 vs. 10 compiler performance on AMD EPYC when making use of "-march=znver2" optimizations.

    On the AMD EPYC 7742 2P server running Ubuntu 19.10 with the Linux 5.5 kernel, I carried out benchmarks earlier this month comparing the LLVM Clang 9.0.1 performance to that of LLVM Clang 10.0 after the Zen 2 (znver2) improvements landed and around the time of the LLVM 10.0 branching.

  • 3 lessons I've learned writing Ansible playbooks

    I've used Ansible since 2013 and maintain some of my original playbooks to this day. They have evolved with Ansible from version 1.4 to the current version (as of this writing, 2.9).

    Along the way, as Ansible grew from having dozens to hundreds and now thousands of modules, I've learned a lot about how to make sure my playbooks are maintainable and scalable as my systems grow. Even for simple projects (like the playbook I use to manage my own laptop), it pays dividends to avoid common pitfalls and make decisions that will make the future you thankful instead of regretful.

  • Introduction to Eclipse JKube: Java tooling for Kubernetes and Red Hat OpenShift

    We as Java developers are often busy working on our applications by optimizing application memory, speed, etc. In recent years, encapsulating our applications into lightweight, independent units called containers has become quite a trend, and almost every enterprise is trying to shift its infrastructure onto container technologies like Docker and Kubernetes.

    Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications, but it has a steep learning curve, and an application developer with no background in DevOps can find this system a bit overwhelming. In this article, I will talk about tools that can help when deploying your Maven applications to Kubernetes/Red Hat OpenShift.

    Background: Eclipse JKube

    This project was not built from scratch. It’s just a refactored and rebranded version of the Fabric8 Maven plugin, which was a Maven plugin used in the Fabric8 ecosystem. Although the Fabric8 project was liked and appreciated by many people in the open source community, due to unfortunate reasons it could not become successful, and the idea of Fabric8 as an integrated development platform on top of Kubernetes died. Although the main project is archived, there are still active repositories used by the community, such as the Fabric8 Docker Maven plugin, the Fabric8 Kubernetes client, and of course the Fabric8 Maven plugin.

    As maintainers of the Fabric8 Maven plugin, we started decoupling the Fabric8 ecosystem related pieces from the plugin to make a general-purpose Kubernetes/OpenShift plugin. We also felt there was a need for rebranding because most people were confused about whether this plugin had something to do with Fabric8. Hence, we decided to rebrand it, and fortunately, someone from the Eclipse foundation approached us to take in our project. Now, the project is being renamed to Eclipse JKube and can be found in the Eclipse Foundation repos on GitHub.

  • JSON Lines: record-style JSON

    There are lots of websites that explain why JSON is so popular. It's based on the familar JavaScript syntax and it has several advantages over CSV, XML and other data transfer formats. T

  • JSON, Unicode, and Perl … Oh My!

    You might think this a reasonable enough round-trip, just using two different JSON libraries, Mojo::JSON and Cpanel::JSON::XS. In fact, though, when you run this you’ll see that $decode in the above is "\x{c3}\x{83}\x{c2}\x{a9}", not just the "\xc3\xa9" that we started with.


  • MOSS Video, BSSw Honorable Mention, and The Maintainership Book I Am Writing

    Mozilla interviewed me about the Python Package Index (PyPI), a USD$170,000 Mozilla Open Source Support award I helped the Python Software Foundation get in 2017, and how we used that money to revamp PyPI and drive it forward in 2017 and 2018.
    From that interview, they condensed a video (2 minutes, 14 seconds) featuring, for instance, slo-mo footage of me making air quotes. Their tweet calls me "a driving force behind" PyPI, and given how many people were working on it way before I was, that's quite a compliment!

    I will put a transcript in the comments of this blog post.

    (Please note that they massively condensed this video from 30+ minutes of interview. In the video, I say, "the site got popular before the code got good". In the interview, I did not just say that without acknowledging the tremendous effort of past volunteers who worked on the previous iteration of PyPI and kept the site going through massive infrastructure challenges, but that's been edited (for brevity, I assume).)

  • Hidden test dependencies

    Tests should be independent, isolated and repeatable. When they are, it's easy to run just one of them, run all of them in parallel or use pytest-testmon. But we don't live in an ideal world and many times we end up with a test suite with unwanted hidden test dependencies. In this article I am describing a couple of tips and tricks which allow us to find and fix the problems.

  • Wing Python IDE 7.2.1 - January 28, 2020

    Wing 7.2.1 fixes debug process group termination, avoids failures seen when pasting some Python code, prevents crashing in vi browse mode when the first line of the file is blank, and fixes some other usability issues.

  • Karl Dubost: Week notes - 2020 w04 - worklog - Python

    I dedicated most of my time in advancing the new anonymous workflow reporting. The interesting process in doing it was to have tests and having to refactor some functions a couple of times so it made more sense.

    Tests are really a safe place to make progress. A new function will break tests results and we will work to fix the tests and/or the function to a place which is cleaner. And then we work on the next modification of the code. Tests become a lifeline in your development.

    Another thing which I realize that it is maybe time we create a new module for our issues themselves. It would model, instantiate our issues and we can use in multiple places. Currently we have too many back and forth on parsing texts, calling dictionaries items, etc. We can probably improve this with a dedicated module. Probably for the phase 2 of our new workflow project.

    Also I have not been effective as I wished. The windmill of thoughts about my ex-work colleagues future is running wild.


  • Bash Select (Make Menus)

    In this tutorial, we will cover the basics of the select construct in Bash.

  • Some Useful Bash Aliases and How to Create Bash Aliases

    Do you spend a good amount of time working in the command line? Then you may have noticed that most of the commands you run are a small subset of all the available commands. Most of them are habitual and you may be running them every single day.
    To lessen the suffering of typing, developers the command utilities have attempted to eliminate the extraneous typing with abbreviations, for example, “ls” instead of “list”, “cd” instead of “change-directory”, “cat” instead of “catenate” etc. Yet, typing the same command over and over and over is truly boring and unenjoyable.

    This is where aliases come handy. Using an alias, it’s possible to assign your shortcut for a specific command. Here, we’ll be talking about how to create Bash aliases and demonstrate some useful aliases that you might enjoy.

  • Bash break and continue

    Loops allow you to run one or more commands multiple times until a certain condition is met. However, sometimes you may need to alter the flow of the loop and terminate the loop or only the current iteration.

    In Bash, break and continue statements allows you to control the loop execution.

Security Leftovers

Filed under
  • Security updates for Wednesday

    Security updates have been issued by CentOS (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, openjpeg2, openslp, python-reportlab, and sqlite), Debian (hiredis, otrs2, and unzip), openSUSE (apt-cacher-ng, git, samba, sarg, and storeBackup), Oracle (openjpeg2), Red Hat (libarchive, openjpeg2, sqlite, and virt:rhel), SUSE (aws-cli and python-reportlab), and Ubuntu (libgcrypt11, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-hwe, linux-hwe, linux-aws-hwe, linux-lts-xenial, linux-aws, and openjdk-8, openjdk-lts).

  • Duo CEO Dug Song: We have to make security simple

    Duo Security CEO Dug Song kept it simple Tuesday when he described the last decade in cybersecurity.

    “It sucked,” Song told the crowd at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop.

    The next decade doesn’t have to be that way, he says, because the technology ecosystem has the tools it needs to make security as seamless and easy to use as possible. Architectures like zero trust can become more commonplace, giving enterprises simple ways to protect themselves against the most familiar threats.

    At the core, it’s about ensuring that users and devices are connecting only with the data that they need. In a sit-down with CyberScoop on the sidelines of the summit, Song talked about the evolution of zero trust, how the cybersecurity market is changing, and how cybersecurity can be better woven into campaign operations.

  • [Old] ScreenConnect MSP Software Used to Install Zeppelin Ransomware

    Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers.

    ConnectWise Control is a remote management software commonly used by MSPs and IT professionals in order to gain access to a remote computer to provide support.

  • How to Approach Linux Threats?

    There is a lot of importance given for protecting Windows endpoints in the antivirus industry. Windows desktop users dominate close to 87 percent of the total desktop market share when compared to the 2 percent share held by Linux desktop users. A group of people argue that Linux is the safest and most secure operating system as it is scarce that malware targets Linux end users. While discussing the threats to the Linux platform, we must understand that Linux desktop usage is a tiny piece of the puzzle. About 70 percent of the webserver market share is made by Linux, according to Web Technology Surveys, and, according to CBT Nuggets, 90 percent of all cloud servers. Linux is said to be the most popular operating system among Microsoft’s Azure Cloud, according to ZDNet.

    The recent discovery of HiddenWasp, QNAPCrypt, and Evilgnome has made the emergence of Linux threats evident. The detection rate is low as reported by several security vendors, and this is due to the industry’s quick migration to the cloud, combined with a lack of awareness about the threats.

  • Ransomware Linked to Iran, Targets Industrial Controls

    Tel Aviv-based Otorio, a cybersecurity firm which specializes in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. But it also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

  • Uncovering Vulnerabilities in Open Source Libraries

    In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, Das U-Boot, and more. In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library. Prior to detailing these new vulnerabilities, we will examine some of the factors which can help to identify code which is a good candidate for fuzzing.

Open Hardware/Modding-Friendly Hardware: LibreRouter, Gateworks, QNAP and 96Boards

Filed under

GNU/Linux in Germany (SUSE and FSFE)

Filed under
  • Running for openSUSE Board #2: Getting new people aboard

    I’d like to illustrate my view on it with a simple example:
    When you visit there’s a menu item top right named “contribute”. Clicking it brings you to the contribution bit of the page. There you have choice between two things: Code and Hardware. Now if we’re lucky a potential contributor will click on “Code” and gets presented four slightly unmotivated lines of text and a button to “find out more”. That’s not how to be friendly and inviting. Let’s hope not too much people are turned down by that.

    But what I see as a way bigger problem – and some kind of basic pattern in oS – is that behind the “find out…” button in fact there would be really good and detailed information on how to contribute. Documentation, testing, translations and so on is all there. But it’s not communicated in any reasonable way! It’s hidden in different places, buried deeply in the wiki. The wiki is a good place for extensively written explanations but not for getting a first step into the pool.

    So my idea is part of a whole to-be-defined restructuring of I proposed a few thoughts a while ago but got curbed due to the renaming/rebranding discussion back then. Yet I still have these things on my list to discuss and tackle. [1]

    Of course the website is just one puzzle part. The whole getting fresh blood (as you called it) thing needs further pushing. Hence the initiative of the marketing team to get special t-shirts for Leap 15.2. Beta testers. [2]
    This is something easily to be communicated to the outside and can be a door opener for new people. Though it is not a board member’s job there. But I think it’s good to have a board taking part in this whole communication

  • Instant Fresh openSUSE Tumbleweed with Docker and Vagrant Images

    On my machines I run openSUSE Leap (download), a stable distribution that follows the SUSE Linux Enterprise service packs. But frequently my task is to reproduce or fix a bug in openSUSE Tumbleweed (download), the hottest rolling distribution.

    In the past, I would take an ISO image of the installation DVD and install a virtual machine from scratch. (To say nothing about burning a CD, copying a boot floppy, and reinstalling a physical machine. I've been doing this for too long.)

    Fortunately, things got easier with ready-made disk images for containers (Docker/Podman) and virtual machines (Vagrant).

  • Klaas Freitag: Public Money – Public Code [Ed: in German]

    Genau dafür setzt sich die Kampagne Public Money for Public Code der Free Software Foundation Europe (FSFE) ein.

  • FSFE is hiring: interns and trainees for legal, policy and technical areas

    FSFE is hiring: interns and trainees for legal, policy and technical areas
    We are looking for interns and trainees experienced in legal, policy or technical fields. The persons will work 35 hours per week with our team in the FSFE's Berlin office. There will be coordination with remote staff and volunteers, and depending on the work area opportunity to participate in events and meetings throughout Europe.

More in Tux Machines

Kontron takes Raspberry Pi into Industry 4.0 with Codesys

“The integrated development environment Codesys for programmable logic controllers according to the IEC 61131-3 standards is hardware-independent software for application development in industrial automation,” according to Kontron. “Thanks to its open interfaces and security features, Codesys has distinguished itself as an industry 4.0 platform and facilitates data exchange between IIoT networks.” Prior to this, Codesys has been available for Kontron’s PiXtend – a similar product that takes a standard Pi rather than a Compute Module. Of this, the company said: Codesys V3 lets you memory-program controls. An integrated web visualisation tool is available for displaying your control elements, diagrams and graphics on your smartphone, tablet or PC.” Read more

Security: Windows, Microsoft Malware, GPS Bug, and Some Exaggeration/FUD

  • Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs - blackMORE Ops

    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.

  • Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices [Ed: Lousy anti-journalist sites try to blame the victims for having received malware from Microsoft itself]

    Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems.

  • GPS Daemon (GPSD) Rollover Bug

    Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

  • New Linux kernel memory corruption bug causes full system compromise [Ed: This is "local privilege escalation", i.e. vastly less severe than all those back doors in Windows, but so-called 'security' firms aren't meant to talk about state-mandated holes]

    Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s kernel.

today's howtos

  • Inspect the capabilities of ELF binaries with this open source tool

    Capa is an open source project from Mandiant (a cybersecurity company). In the project's own words, capa detects capabilities in executable files. Although the primary target of Capa is unknown and possibly malicious executables, the examples in this article run Capa on day-to-day Linux utilities to see how the tool works. Given that most malware is Windows-based, earlier Capa versions only supported the PE file format, a dominant Windows executable format. However, starting with v3.0.0, support for ELF files has been added (thanks to Intezer).

  • What you need to know about Kubernetes NetworkPolicy |

    With a growing number of cloud-native applications going to production through Kubernetes adoption, security is an important checkpoint that you must consider early in the process. When designing a cloud-native application, it is very important to embed a security strategy up front. Failure to do so leads to lingering security issues that can cause project delays and ultimately cost you unnecessary stress and money. For years, people left security at the end—until their deployment was about to go into production. That practice causes delays on deliverables because each organization has security standards to adhere to, which are either bypassed or not followed with a lot of accepted risks to make the deliverables. Understanding Kubernetes NetworkPolicy can be daunting for people just starting to learn the ins and outs of Kubernetes implementation. But this is one of the fundamental requirements that you must learn before deploying an application to your Kubernetes cluster. When learning Kubernetes and cloud-native application patterns, make your slogan "Don't leave security behind!"

  • 3 tips for printing with Linux

    I have a confession to make. This may be an unpopular opinion. I actually enjoy reading documents on a piece of paper as opposed to digitally. When I want to try a new recipe, I print it out to follow it so I don't have to continually swipe my mobile device to keep up with the steps. I store all my favorite recipes in sheet protectors in a binder. I also like to print out coloring pages or activity sheets for my kids. There are a ton of options online or we create our own! Though I have a fond appreciation for printed documents, I have also had my fair share of printing nightmares. Paper jams, low ink, printer not found, the list of frustrating errors goes on and on. Thankfully, it is possible to print frustration-free on Linux. Below are three tutorials you need to get started printing on Linux. The first article walks through how to connect your printer to your Linux computer. Then, learn how to print from anywhere in your house using your home network. The last article teaches you how to print from your Linux terminal so you can live out all your productivity dreams. If you are in the market for a new printer, check out this article about choosing a printer for Linux.

  • 3 basic Linux user management commands every sysadmin should know [Ed: But those have nothing to do with Linux… they’re part of shadow-utils.]

    I like logical commands; commands that are simple, straightforward, and just make sense. When I delivered Linux sysadmin training, I found Linux user management commands to be easy to explain.

  • Strange Apache Reload Issue « etbe - Russell Coker

    I recently had to renew the SSL certificate for my web server, nothing exciting about that but Certbot created a new directory for the key because I had removed some domains (moved to a different web server). This normally isn’t a big deal, change the Apache configuration to the new file names and run the “reload” command. My monitoring system initially said that the SSL certificate wasn’t going to expire in the near future so it looked fine. Then an hour later my monitoring system told me that the certificate was about to expire, apparently the old certificate came back! I viewed my site with my web browser and the new certificate was being used, it seemed strange. Then I did more tests with gnutls-cli which revealed that exactly half the connections got the new certificate and half got the old one. Because my web server isn’t doing anything particularly demanding the mpm_event configuration only starts 2 servers, and even that may be excessive for what it does. So it seems that the Apache reload command had reloaded the configuration on one mpm_event server but not the other!

  • Featured Unixcop Oracle Data Integrator (ODI) on CentOS 8 Oracle Data Integrator (ODI) on CentOS 8

    Data Integration ensures that information is timely, accurate, and consistent across complex systems. Although it is still frequently referred as Extract-Transform-Load (ETL), data integration was initially considered as the architecture used for loading Enterprise Data Warehouse systems. Data integration now includes data movement, data synchronization, data quality, data management, and data services. Oracle Data Integrator s built on several components all working together around a centralized metadata repository. Also these components – graphical modules, runtime agents and web based interfaces – in conjunction with other advanced features make ODI a lightweight, state of the art data integration platform. With its superior performance and flexible architecture, Oracle Data Integrator can_be used in various types of projects such as Data Warehousing, SOA, Business Intelligence or Application Integration.

  • Oracle Weblogic 14c on CentOS 8 - Unixcop

    Modern business environment demands Web and e-commerce applications that accelerate your entry into new markets like a boom ! help you find new ways to reach and retain customers, and allow you to introduce new products and services quickly. To build and deploy these new solutions, you need a proven, reliable e-commerce platform that can connect and empower all types of users while integrating your corporate data. Oracle WebLogic Server is a unified and extensible platform for developing, deploying and running enterprise applications, such as Java, for on-premises and in the cloud. Hi Guys ! Today, we will discuss about Oracle WebLogic server. We have got through some intro & now will have a glimpse of some architectural overview of this Oracle Middle ware product, Then we will go the how to’s. Don’t get bored till then ! WebLogic Server operates in the middle tier of a multi tier (or n-tier) architecture. A multi tier architecture determines where the software components that make up a computing system are executed in relation to each other and to the hardware, network, and users. Choosing the best location for each software component lets you develop applications faster; eases deployment and administration; and provides greater control over performance, utilization, security, scalability, and reliability.

  • Store Passwords Securely with Hashicorp Vault on Ubuntu 20.04 – VITUX

    It is always not possible to remember all the secret keys, passphrases, and tokens. Sometimes managing and maintaining secrets might be challenging tasks. We may need to store such secrets somewhere which we can use when needed. Hashicorp Vault is a solution that can be used to store secrets. It protects all the secrets stored on it and keeps secured. In this article, we will learn how to install Hashicorp vault on ubuntu 20.04.

Open Hardware/Modding: New Hardware Based on RISC-V and Arduino Projects

  • M5Stamp C3 RISC-V board supports WiFI 4, Bluetooth 5.0 Long Range and 2 Mbps bitrate - CNX Software

    It was only last month that M5Stack launched the M5Stamp Pico module based on an ESP32-PICO-D4 SiP and heat-resistant plastic shell, but M5Stamp C3 board is already out with most of the same specifications and features but an ESP32-C3 RISC-V SoC replaces the ESP32 dual-core Xtensa processor. M5Stamp C3 offers WiFi 4 and Bluetooth 5.0 with high bitrate and long-range connectivity and comes with the same heat-resistant plastic shell, but the company also highlights the RSA-3072-based secure boot and the AES-128-XTS-based flash encryption as a more secure way to address Bluetooth security concerns.

  • Alibaba open sources four RISC-V cores: XuanTie E902, E906, C906 and C910 - CNX Software

    Alibaba introduces a range of RISC-V processors in the last few years with the Xuantie family ranging from the E902 micro-controller class core to the C910 core for servers in data centers. This also includes the XuanTie C906 core found in the Allwinner D1 single-core RISC-V processor. While RISC-V is an open standard and there’s a fair share of open-source RISC-V cores available, many commercial RISC-V cores are closed source, but Zhang Jianfeng, President of Alibaba Cloud Intelligence speaking at the 2021 Apsara Conference, announced that T-Head had open-sourced four RISC-V-based Xuantie series processor cores, namely Xuantie E902, E906, C906, and C910, as well as related software and tools.

  • SiFive Has A New RISC-V Core To Improve Performance By 50%, Outperform Cortex-A78 - Phoronix

    SiFive just shared word that at today's Linley Conference they teased their Performance P550 successor that will "set a new standard for the highest efficiency RISC-V processor available."

  • This tinyML device counts your squats while you focus on your form | Arduino Blog

    Getting in your daily exercise is vital to living a healthy life and having proper form when squatting can go a long way towards achieving that goal without causing joint pain from doing them incorrectly. The Squats Counter is a device worn around the thigh that utilizes machine learning and TensorFlow Lite to automatically track the user’s form and count how many squats have been performed. Creator Manas Pange started his project by flashing the tf4micro-moition-kit code to a Nano 33 BLE Sense, which features an onboard three-axis accelerometer. From there, he opened the Tiny Motion Trainer Experiment by Google that connects to the Arduino over Bluetooth and captures many successive samples of motion. After gathering enough proper and improper form samples, Manas trained, tested, and deployed the resulting model to the board.