We’ve seen several tiny ultra-cheap boards for headless applications over the last few years with products Orange Pi Zero Plus or NanoPi R2S which are usually based on 32-bit Cortex-A7 or low power 64-bit Cortex-A53 processors, coupled with up to 512MB to 2GB, and may have some limitations when it comes to Gigabit Ethernet and USB 3.0 speeds.
If you’d like something similar but more powerful, FriendlyELEC is working on NanoPi R4S headless SBC powered by a Rockchip RK3399 hexa-core Cortex-A72/A53 processor with up to 4GB RAM, dual Gigabit Ethernet, and two USB 3.0 ports.
To label used bottles that would otherwise go to waste, “tuenhidiy” created a CNC plotter that itself consists mostly of scraps!
The machine’s X and Z axes are formed out of a pair of old CD/DVD players, but instead of a traditional Y axis, it actuates two printer rollers to turn a bottle forwards or backwards. This allows the marking pen to be placed in just the right axial position, while still being very similar to a fully Cartesian (XYZ) plotter controls-wise.
Virtual private network (VPN) technology has changed immensely since the publication of the original Guide to IPsec VPNs (SP 800-77) in 2005. The guide was recently reworked and modernized, and Red Hat engineers lent a hand to updating this important document. The updated document takes into consideration the evolution of cryptography, software and hardware capabilities, as well as virtualization and containerization in today's complex and cloud-based network infrastructure, and presents solid guidance for a modern environment.
Red Hatters are a longtime contributors and developers of IPsec standards and open source IPsec software. Through this collaboration with the National Institute of Standards and Technology (NIST), we go beyond delivering products that are open, interoperable, and compliant to modern security standards, but also help to improve the security of the internet for everyone.
[...]
The update guide’s intended audience is network administrators and architects. Those who are fairly familiar with the IPsec (and IKE) protocol can find a quick overview of the changed FIPS requirements and operational recommendations in the Executive Summary. The guide can also be used as extensive documentation of the IKE and IPsec subsystem when RHEL is placed into FIPS mode via the system-wide crypto policies setting.
An in-depth tutorial describes the IPsec packet format (eg ESP), the Internet Key Exchange version 2 (IKEv2) protocol that is used to configure IPsec and explains in detail how the two protocols interact to create VPN solutions.
Hands-on examples with typical IPsec deployments are shown via case studies. The examples show different IPsec implementations and their configurations, such as Cisco, Linux using libreswan (RHEL’s IPsec application), OpenBSD using iked, and FreeBSD using strongSwan. These examples can be used to help the conversation when connecting RHEL to third party VPN implementations.
The ability to update software with critical bug fixes and security mitigations while minimizing downtime is extremely important to customers and cloud service providers. In this blog post, we present QEMU Live Update, a new method for updating a running QEMU instance to a new version while minimizing the impact to the VM guest. The guest pauses briefly, for less than 100 milliseconds in our prototype, without loss of internal state or external connections.
Live Update uses resources more efficiently than Live Migration. The latter ties up the source and target hosts, and consumes more memory and network bandwidth, and does so for an indeterminate period of time that depends on when the copy phase converges. Live migration is prohibitively expensive if large local storage must be copied across the network to the target.
Welcome back to Training Tuesdays. In this week’s edition, we are talking about performing software package management on Oracle Linux 8. Software package management is an essential skill needed to keep your Oracle Linux 8 system up to date with the latest software enhancements, bug fixes, and security patches.
Oracle Linux 8 includes DNF utilities to perform package management. DNF replaces YUM, which was used in previous versions of Oracle Linux. In this 3-part video series, we cover how to use DNF, how to install the latest version of the Unbreakable Enterprise Kernel (UEK) for Oracle Linux, and how to install the Extra Packages for Enterprise Linux (EPEL) software repository.
The Elastic Deep Learning capabilities of IBM Watson® Machine Learning Accelerator are designed for large-scale distributed deep learning workloads. It transforms static monolithic training into a dynamic process that is resilient to failures and automatically scales GPU allocation while training.
Data scientists, deep learning developers, and administrators can use Elastic Deep Learning capabilities to simplify production deployment, improve run time efficiency, and deliver on service level agreements (SLAs).
There have been many false dawns for Linux gaming, but in recent years things have been improving unabated. The launch of the Proton compatibility layer meant that thousands of DirectX-only games can now be translated to Vulkan and therefore work on Linux, while new Linux-compatible games continue to be released as well. If you want to play Windows-only games on Linux, see our guide on how to set up Proton and Steam Play. If, however, you just want to check out all the best Linux games in 2020 you can play, then read on below.
Also: Testing the New Xbox Series X Controller on Linux
Linux in Devices/Embedded and Arduino Open Hardware
ASRock unveiled a “4×4-V2000” SBC and “iBOX-V2000” mini-PC based on it that feature AMD’s Ryzen Embedded V2000. Meanwhile, Ibase previewed a Mini-ITX SBC and signage player based on the V2000.
ASRock and Ibase have each announced several products based on AMD’s new Ryzen Embedded V2000 system-on-chip. ASRock’s 4×4-V2000M and 4×4-V2000V SBCs drive its new iBOX-V2000M and iBOX-V2000V computers, respectively. Ibase previewed a MI989 Mini-ITX board and SI-334 signage player with fewer details (see farther below).
Espressif Systems ESP32 processor supports WiFi, Bluetooth, and Ethernet connectivity. There are only a few boards coming with an Ethernet RJ45 jack out of the box including esp32MX-E ESP32 board, TTGO T-Internet-POE, and Olimex ESP32-Gateway board among others.
Last month Vecow introduced SPC-6000 fanless embedded PC powered by an Atom x6425RE Elkhart Lake processor, and considering Tiger Lake UP3 embedded processors were announced at about the same time as Atom x6000E-series family, it should come as no surprise that the Taiwanese company has introduced a more powerful Tiger Lake UP3 model.
You’ve probably seen an example of the “useless box,” or “useless machine,” which when switched on does nothing except open up to turn itself back off again. This one by creator Alex Pikkert adds a few new tricks, giving it a bit of a mood, and not one but two switches and fingers!
When switched on, the device uses a micro servo to open the box. The correct finger then extends under the power of one of the other two servos to turn the particular switch you flipped off again.
Linux distributors are in the business of integrating software from multiple sources, packaging the result, and making it available to their users. It has long been true that some projects are easier to package than others. The Debian technical committee (TC) is currently being asked to make a decision in a dispute over how an especially hard-to-package project — Kubernetes — should be handled. Regardless of the eventual outcome, this disagreement clearly shows how the packaging model used by Linux distributors is increasingly mismatched to how software is often developed in the 2020s; what should replace that model is rather less clear, though.
A longstanding rule followed by most distributors is that there should be only one copy of any given library (or other dependency) in the system, and that said copy should usually be in its own package. To do otherwise would bloat the system and complicate the task of keeping things secure. As an extreme example, consider what would happen if every program carried its own copy of the C library in its package. Those thousands of copies would consume vast amounts of both storage space and memory. If a security vulnerability were found in that library, thousands of packages would have to be updated to fix it everywhere. A single library package shared by all users, instead, is more efficient and far easier to maintain.
This rule is thus contrary to the practice of stuffing dependent libraries into the package of a program that needs them — a practice often called "vendoring". Living up to this rule can be challenging, though, with many modern projects, which also often engage in a fair amount of vendoring. Projects written in certain languages appear to be especially prone to this sort of behavior; the Go language, for example, seems to encourage vendoring.
Kubernetes is written in Go, and it carries a long list of dependencies with it. It was maintained in Debian for a while by Dmitry Smirnov, but he orphaned Kubernetes in 2018, stating that packaging it is "a full time job, probably for more than one person". The Kubernetes package was eventually picked up by Janos Lenart, who has been supplying updated versions to the Debian Testing repository.
In our monthly reports, we outline the major things that we have been up to over the past month. As a brief reminder, the motivation behind the Reproducible Builds effort is to ensure flaws have not been introduced in the binaries we install on our systems. If you are interested in contributing to the project, please visit our main website.
[...]
During the Reproducible Builds summit in Marrakesh in 2019, developers from the GNU Guix, NixOS and Debian distributions were able to produce a bit-for-bit identical GNU Mes binary despite using three different versions of GCC. Since this summit, additional work resulted in a bit-for-bit identical Mes binary using tcc, and last month a fuller update was posted to this effect by the individuals involved. This month, however, David Wheeler updated his extensive page on Fully Countering Trusting Trust through Diverse Double-Compiling, remarking that...
[...]
Build node maintenance was performed by both Holger Levsen […][…] and Vagrant Cascadian […][…][…], Vagrant Cascadian also updated the page listing the variations made when testing to reflect changes for in build paths […] and Hans-Christoph Steiner made a number of changes for F-Droid, the free software app repository for Android devices, including...
This month I accepted 208 packages and rejected 29. The overall number of packages that got accepted was 563, so yeah, I was not alone this month :-).
Anyway, this month marked another milestone in my NEW package handling. My overall number of ACCEPTed package exceeded the magic number of 20000 packages. This is almost 30% of all packages accepted in Debian. I am a bit proud of this achievement.
Just a day after the CXL 2.0 specification was published, the initial Linux kernel support for this updated Compute Express Link revision was sent out for review.
Longtime open-source Intel Linux developer Ben Widawsky sent out the initial kernel patches for CXL 2.0. The initial focus is on the type-3 memory devices defined by the CXL 2.0 specification that serves as a memory expander for RAM or persistent memory. These initial CXL 2.0 patches are still a work-in-progress but seem to be making good progress given the punctual review process beginning.
Those nine kernel patches so far around the CXL 2.0 memory support amount to just over thirteen hundred lines of new code.
Widawsky also sent out a set of 25 patches to the QEMU developers in working on the CXL 2.0 emulation support. They are leveraging QEMU to move forward on the CXL 2.0 bring-up while awaiting capable hardware and also being an ideal environment for regression testing.
ASUS has been evaluating the Linux Vendor Firmware Service (LVFS) for distributing firmware updates to their Linux customers for flashing in turn via Fwupd. Their first motherboard firmware update has now been volleyed onto this open-source platform for easing firmware updates on Linux.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the availability of a new Professional Certificate program, Introduction to DevOps: Practices and Tools.
Developed in conjunction with the Continuous Delivery Foundation and hosted on the non-profit edX learning platform, the program is addressed to developers and IT operators exploring new approaches for building software, professionals focused on site reliability and quality assurance, and anyone involved in the software delivery process.
