Submitted by Roy Schestowitz on Thursday 17th of June 2021 01:07:11 PM Filed under
HowTos
  • SSH with a SmartCard-HSM and EC keys

    The six year-old HSM I have has support for 2048 bit only RSA keys which is enough reason to attempt using EC keys, but as Remy pointed out when he wrote the article in 2016, OpenSSH had no PKCS#11 support for them then.

    It turns out my client of choice has OpenSSH_8.1p1 which isn’t recent enough either, so I install portable OpenSSH version 8.6p1.

  • Joey Hess: typed pipes in every shell

    Powershell and nushell take unix piping beyond raw streams of text to structured or typed data. Is it possible to keep a traditional shell like bash and still get typed pipes?

    I think it is possible, and I'm now surprised noone seems to have done it yet. This is a fairly detailed design for how to do it. I've not implemented it yet. RFC.

  • Stephen Smoogen: Working with Raspberry PI4 systems

    While my current work is aimed at ARM-64 hardware, many of the boards are not Server Ready Hardware and thus do not have things like EUFI to boot, ACPI to query the hardware stack, or various other things which are added later as firmware updates. They also end up having ‘developer kit boards’ of US$6000.00+ systems which having one at home is hard to justify. {Sorry kid, no college this semester… Dad bought himself a board that the customer may dump next week.}

    In looking for proxy systems, my team has been focusing first on the classic ARM for small projects: The Raspberry Pi. The raspberry pi4 with 4 GB of ram works out as a proxy for all kinds of ‘low-end’ systems where you may need to play with a small GPU and try to make it work with a Server Ready operating system like CentOS Stream.

  • How to update the Discord app on Linux

    Do you use Discord on Linux? Do you need to update to the latest features but don’t know how? We can help! Follow along in this guide as we go over how to update Discord on Linux!

  • How to install Veloren on a Chromebook

    Today we are looking at how to install Veloren on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to Set Up Razer Devices on Linux for Lighting Effects

    You have a shiny new Razer hardware, but you cannot find the Razer Synapse software for Linux. And you end up with no proper RGB sync and do not get to customize it. What do you do?

    Well, for certain functionalities, like adding macros to your mouse, you will still need access to Razer Synapse (on Windows or macOS).

    But, to tweak a few other options like macros for the keyboard, changing the DPI of your mouse, or lighting effects, you can easily set up your Razer peripherals on Linux.

  • How To Install and Configure Drupal on Fedora 34/33 – TecAdmin

    Drupal is a free and open-source content management system (CMS), is flexible for building blogs and websites. It is written in PHP programming language and uses MySQL as a backend database. Drupal is available with thousands of add-ons, which makes it highly customizable.

    You can deploy Drupal on any web server that supports the PHP programming language. In this tutorial, we will provide you with steps to install Drupal with Apache on Fedora Linux systems.

  • How to deliver decision services with Kogito | Red Hat Developer

    This article is the first of two presenting new support for developing decision services in Red Hat Business Automation Manager and Red Hat Process Automation Manager. We specifically address support for the Decision Model and Notation (DMN) standard. Process Automation Manager now supports Kogito's cloud-native runtime engine for creating rules, decisions, and resource-planning optimization solutions based on the Predictive Model Markup Language (PMML).

    We'll present an example using Kogito with Drools Rules Language, both backed by the KIE group. By expanding Kogito with the power of Quarkus, you can enjoy hot-reload during the development phase and compile decision services into fast, lightweight services.

    For resource planning, Process Automation Manager 7.11 brings full support for OptaPlanner 8, the most recent version of this artificial intelligence (AI) constraint solver technology.

    All these new features are now part of the Red Hat Process Automation stack.

  • How to install htop on Almalinux or Rocky 8 - Linux Shout

    htop is a lightweight to available for Linux systems to show a dynamic overview of the running processes and the system resources used. Compared to the classic top this process manager offers some convenient functions. Here we see the steps to install it on AlmaLinux, CentOS, 8, Rocky, Oracle, or RHEL.

    The program has a ncurses interface, ncurses stands for new curses, it is a free C – program library to a character-based user interface (Text user interface – TUI) independently of the illustrative text terminal or terminal emulator display. Htop can easily be operated with the keyboard without having to type long commands. If htop is started in a terminal within a desktop environment, the mouse can also be used. If you want to use the mouse in a virtual terminal, gpm must be installed.

  • How to install Gitlab on FreeBSD - Unixcop Unixcop

    GitLab is a web based version control system and collaborative software development based on Git. Its features include things like the code repository, wiki or issue-tracking system. In this article I will show you how to install the Community Edition of GitLab on FreeBSD.

  • How to install Joomla 3.9 on Ubuntu 20.04

    Joomla is an award-winning content management system (CMS) that is used for making dynamic websites. It is open-source and is available for free under GPL (general public license). It is based on a model–view–controller framework. It powers millions of websites around the world. It can be used to develop websites for different purposes like business websites, online magazines, e-commerce, portals etc. Joomla has large community of users to provide support.

  • How to resize and growing disks in FreeBSD - Unixcop

    I work a lot with virtual nachines. In fact, most of my servers are virtual machines (last time I’ve counted, there where around 100vms) running on top of four physical servers and couple of SAN/NAS. Sometimes you -or the one who asked for the machine- underestimate the hardware resources needed. Or simply after a while you end up with a nice “Filesystem full” error.
    In this article I’ll show how to resize a partition and grow the filesystem to get more free space.

  • yum/dnf Package Manager Basics

    Every modern Linux distribution comes with a set of tools for installing and updating software. Such tools are called package managers.

    Package managers help you find software, download it to your computer and install or upgrade it. When a certain software package can’t work without additional components, relevant software packages will be installed automatically.

    In Red Hat family of operating systems the package manager is called yum. In recent years it’s been replaced with backward-compatible tool called dnf.

  • Copy A File To Multiple Directories In Command Line On Linux

    In this brief guide, we will discuss how to copy a file to multiple directories from command line using find, cp, echo, xargs and tee commands on Linux.
    The other day I wanted to copy some videos to different folders in my Arch Linux desktop. As you already know, we can easily do it by right-clicking on the file, select Copy option from the context menu and paste it on the destination directory/folder.
    However, I'd like to know if there are any other way to copy the file into multiple directories in one go. I thought It would help when I want to copy a single file into number of different directories at once. I did a few web searches and come up with following solutions.

  • Defining and distributing SELinux policies - Linux Concept

    Enabling SELinux does not automatically start the enforcement of access. If SELinux is enabled and it cannot find a policy, it will refuse to start because the policy defines the behavior of the system (what SELinux should allow). SELinux policies are generally distributed in a compiled form (just like with software) as policy modules. These modules are then aggregated into a single policy store and loaded in memory to allow SELinux to enforce the policy rules on the system.

  • Install NVIDIA Drivers on Debian / Ubuntu / Linux Mint / LMDE [Manual Install] – If Not True Then False

    This is guide, howto install NVIDIA proprietary drivers on Debian Sid/11/10, Ubuntu 21.10/21.04/20.10, Linux Mint 20.1, LMDE 4 and disable Nouveau driver. This guide works with GeForce 8/9/200/300/400/500/600/700/800/900/10/20/30 series cards. This is alternative way to install NVIDIA drivers, because Debian based Linux distros have NVIDIA drivers directly from repos too.

  • The ultimate guide to EAPI 8

    Three years ago, I had the pleasure of announcing EAPI 7 as a major step forward in our ebuild language. It introduced preliminary support for cross-compilation, it finally provided good replacements for the last Portagisms in ebuilds and it included many small changes that made ebuilds simpler.

    Only a year and a half later, I have started working on the initial EAPI 8 feature set. Similarly to EAPI 6, EAPI 8 was supposed to focus on small changes and improvements. The two killer features listed below were already proposed at the time. I have prepared a few patches to the specification, as well as the initial implementation of the respective features for Portage. Unfortunately, the work stalled at the time.

    Finally, as a result of surplus of free time last month, I was able to resume the work. Along with Ulrich Müller, we have quickly prepared the EAPI 8 feature set, got it pre-approved, prepared the specification and implemented all the features in Portage and pkgcore. Last Sunday, the Council has approved EAPI 8 and it's now ready for ~arch use.

    What's there in EAPI 8? Well, for a start we have install-time dependencies (IDEPEND) that fill a gap in our cross-compilation design. Then, selective fetch/mirror restriction make it easier to combine proprietary and free distfiles in a single package. PROPERTIES and RESTRICT are now accumulated across eclasses reducing confusion for eclass writers. There's dosym -r to create relative symlinks conveniently from dynamic paths. Plus bunch of other improvements, updates and cleanups.

  • Linux package management with dnf | Opensource.com

    Installing an application on a computer system is pretty simple. You copy files from an archive (like a .zip file) onto the target computer in a place the operating system expects there to be applications. Because many of us are accustomed to having fancy installer "wizards" to help us get software on our computers, the process seems like it should be technically more complex than it is.

    What is complex, though, is the issue of what makes up an application. What users think of as a single application actually contains code borrowing from software libraries (i.e., .so files on Linux, .dll files on Windows, and .dylib on macOS) scattered throughout an operating system.

    So that users don't have to worry about that veritable matrix of interdependent code, Linux uses a package management system to track what application needs what library, and which library or application has security or feature updates, and what extra data files were installed with each software title. A package manager is, essentially, an installer wizard. They're easy to use, they provide both graphical interfaces and terminal-based interfaces, and they make your life easier. The better you know your distribution's package manager, the easier your life gets.

GNU Projects: Coreutils, Taler, and gdbm

  • Rewriting the GNU Coreutils in Rust

    As movement toward memory-safe languages, and Rust in particular, continues to grow, it is worth looking at one of the larger scale efforts to port C code that has existed for decades to Rust. The uutils project aims to rewrite all of the individual utilities included in the GNU Coreutils project in Rust. Originally created by Jordi Boggiano in 2013, the project aims to provide drop-in replacements for the Coreutils programs, adding the data-race protection and memory safety that Rust provides. Many readers will be familiar with the Coreutils project. It includes the basic file, process, and text manipulation programs that are expected to exist on every GNU-based operating system. The Coreutils project was created to consolidate three sets of tools that were previously offered separately, Fileutils, Textutils, and Shellutils, along with some other miscellaneous utilities. Many of the programs that are included in the project, such as rm, du, ls, and cat, have been around for multiple decades and, though other implementations exist, these utilities are not available for platforms like Windows in their original form. Collectively, the Coreutils programs are seen as low-hanging fruit where a working Rust-based version can be produced in a reasonable amount of time. The requirements for each utility are clear and many of the them are conceptually straightforward, although that's not to suggest that the work is easy. While a lot of progress has been made to get uutils into a usable state, it will take some time for it to reach the stability and maturity of Coreutils. The use of Rust for this project will help to speed this process along since a huge swathe of possible memory errors and other undefined behavior is eliminated entirely. It also opens the door to the use of efficient, race-free multithreading which has the potential to speed up some of the programs under certain conditions. The uutils rewrite also provides an opportunity to not just reimplement Coreutils but to also enhance the functionality of some of the utilities to yield a better user experience, while maintaining compatibility with the GNU versions. For example, feature requests that have long been rejected in the Coreutils project, like adding a progress bar option for utilities like mv and cp, are currently being entertained in this Rust rewrite.

  • 2021-6: SUERF Policy Brief "How to issue a privacy-preserving central bank digital currency" published

    We are happy to announce the publication of our policy brief on "How to issue a privacy-preserving central bank digital currency" by The European Money and Finance Forum. Many central banks are currently investigating Central Bank Digital Currency (CBDC) and possible designs. A recent survey conducted by the European Central Bank has found that both citizens and professionals consider privacy the most important feature of a CBDC. We show how a central bank could issue a CBDC that would be easily scalable and allow the preservation of a key feature of physical cash: transaction privacy. At the same time the proposed design would meet regulatory requirements and thus offer an appropriate balance between privacy and legal compliance.

  • gdbm @ Savannah: Version 1.20

    Version 1.20 is available for download.

Android Leftovers

Kernel: LWN and Phoronix Article (Without Paywall and New, Respectively)

  • Auditing io_uring

    The io_uring subsystem, first introduced in 2019, has quickly become the leading way to perform high-bandwidth, asynchronous I/O. It has drawn the attention of many developers, including, more recently, those who are focused more on security than performance. Now some members of the security community are lamenting a perceived lack of thought about security support in io_uring, and are trying to remedy that shortcoming by adding audit and Linux security module support there. That process is proving difficult, and has raised the prospect of an unpleasant fallback solution. The Linux audit mechanism allows the monitoring and logging of all significant activity on the system. If somebody wants to know, for example, who looked at a specific file, an audit-enabled system can provide answers. This capability is required to obtain any of a number of security certifications which, in turn, are crucial if one wants to deploy Linux in certain types of security-conscious settings. It is probably fair to say that a relatively small percentage of Linux systems have auditing turned on, but distributors, almost without exception, enable auditing in their kernels. The audit mechanism relies, in turn, on a large array of hooks sprinkled throughout the kernel source. Whenever an event that may be of interest occurs, it is reported via the appropriate hook to the audit code. There, a set of rules loaded from user space controls which events are reported to user space. When io_uring was being developed (which is still happening now, of course), the developers involved were deeply concerned about performance and functionality. Supporting security features like auditing was not at the top of their list, so they duly neglected to add the needed hooks — or to think about how auditing could be supported in a way consistent with the performance goals. Now that io_uring is showing up in more distributor kernels (and, in particular, the sorts of kernels where auditing is relatively likely to be enabled), security-oriented developers are starting to worry about it. Having io_uring serve as a way to circumvent the otherwise all-seeing audit eye does not seem like a good way to maintain those security certifications.

  • The runtime verification subsystem

    The realtime project has been the source of many of the innovations that have found their way into the core kernel in the last fifteen years or so. There is more to it than that, though; the wider realtime community is also doing interesting work in a number of areas that go beyond ensuring deterministic response. One example is Daniel Bristot de Oliveira's runtime verification patch set, which can monitor the kernel to ensure that it is behaving the way one thinks it should. Realtime development in the kernel community is a pragmatic effort to add determinism to a production system, but there is also an active academic community focused on realtime work. Academic developers often struggle to collaborate effectively with projects like the kernel, where concerns about performance, regressions, and maintainability have been the downfall of many a bright idea. As a result, there is a lot of good academic work that takes a long time to make it into a production system, if it ever does. Imagine, for a moment, a project to create a realtime system that absolutely cannot be allowed to fail; examples might include a controller for a nuclear reactor, a jetliner's flight-control system, or the image processor in a television set showing that important football game. In such a setting, it is nice to know that the system will always respond to events within the budgeted time. Simply observing that it seems to do so tends to be considered inadequate for these systems. One way to get to a higher level of assurance is to create a formal model of the system, prove mathematically that the model produces the desired results, then run that model with every scenario that can be imagined. This approach can work, but it has its difficulties: ensuring that the model properly matches the real system is a challenge in its own right and, even if the model is perfect, it is almost certain to be far too slow for any sort of exhaustive testing. The complexity of real-world systems makes this approach impractical, at best.

  • It's Good But Maybe Bad: LVFS Skyrockets With More Than 100k Firmware Updates In One Day - Phoronix

    The Linux Vendor Firmware Service (LVFS) with Fwupd has been serving on average around 40k~50k firmware updates per daay to Linux users relying on this cross-vendor, open-source firmware distribution service with FWUPD for applying firmware updates under Linux. But yesterday its usage just skyrocketed with more than 100,000 firmware updates in a single day... That's great for adoption but the motivation for the mass firmware updates may be something rough on the horizon.

  • Intel Speed Select Driver Issue Was Hurting Performance In Some HPC Benchmarks - Phoronix

    Intel's Speed Select Technology introduced since Cascade Lake for providing more granular power/performance controls was done in the name of performance but it turns out an ISST Linux driver inefficiency could lead to a 10%+ performance hit for some HPC benchmarks. Public details are scarce on this latest Intel Speed Select Technology Linux driver change but when making use of this ISST code on select systems and for unspecified HPC workloads it could lead to reported 10%+ performance penalties for some high performance computing benchmarks. The issue stems from the CPU to PCI device mapping carrying out a linear search of PCI devices on systems and in particular for massive servers this could prove to be very expensive.

  • AMDGPU For Linux 5.14 To Report Throttler Status, Many Fixes Sent Out - Phoronix

    Last week marked the end of feature work for the AMDGPU driver (and other DRM drivers) for the upcoming Linux 5.14 cycle. Sent out today though were the first set of AMDGPU fixes targeting Linux 5.14 that does include a recently talked about throttler status feature. Prior feature pull requests to DRM-Next for the AMD Radeon kernel graphics driver for Linux 5.14 included the introduction of Beige Goby and Yellow Carp GPU support, HMM SVM, more Aldebaran accelerator work, PCI Express ASPM being enabled by default, GPU hot unplug support, AMD Smart Shift support for laptops, 16 bpc support, and various other changes. Linux 5.14 will be another exciting cycle for AMD Radeon open-source driver users particularly if running newer GPUs.

7 Best Free and Open Source HTML Editors

An HTML editor is computer software for creating web pages. As this type of editor helps to remove the frustration out of creating web pages, it represents an indispensable tool for graphic and web designers. Specialized HTML editors provide convenience and added functionality. There are three main types of HTML editors. The most common type is the WYSIWYG HTML editor. Here the editor provides an editing interface which resembles how the page will be displayed in a web browser. This is achieved by embedding a layout engine. For example, in the case of BlueGriffon, the layout engine that is used is Gecko, which is also used in the Firefox web browser. The other types of editor are text source editors and object editors. Read more

