IBM/Red Hat/Fedora Leftovers

Thursday 13th of January 2022
Red Hat
  • How to troubleshoot DHCP communication problems on your network | Enable Sysadmin

    Imagine you have a repurposed enterprise switch with a Dynamic Host Configuration Protocol (DHCP) service that you need to troubleshoot. There is little information available about the switch's configuration or previous deployments. The device is reported to be functional and should lease Internet Protocol (IP) address configurations to clients. However, the attached clients are not receiving IP configurations from the switch.

  • IT talent: 3 hot IT roles in 2022 and beyond | The Enterprisers Project

    As organizations kick off 2022 IT hiring, the demand for IT talent is not slowing down. Digital transformation leaders and IT security professionals are in particularly high demand, driven by digital transformation and the continuation of remote work.

    Many companies that put digital transformation on hold during the pandemic are now prioritizing these initiatives and are seeking top IT professionals to lead them. Hand-in-hand with digital transformation initiatives is IT security. Security continues to be a top priority for organizations as phishing attempts and hacking threaten their data.

  • Get started with Node.js 16 on OpenShift | Red Hat Developer

    In April 2021, Node.js released its latest major version, Node.js 16. Code-named Gallium, it became a long-term support (LTS) release in October.

    Red Hat recently released a fully supported Node 16 container image. Every Red Hat build of a Node.js release is tested and supported on Red Hat OpenShift and Red Hat Enterprise Linux and is based on a Red Hat Universal Base Image.

    Red Hat runtimes are tested and certified against various popular development frameworks and technologies while running on Red Hat OpenShift and RHEL. We are unable to test every possible framework and version, but the specific components, modules, and frameworks supported on Red Hat's build of Node.js can be found on the component details page as per the Node.js module and framework support policies.

  • A developer's guide to CI/CD and GitOps with Jenkins Pipelines | Red Hat Developer

    CI/CD, or continuous integration and continuous delivery, is an essential part of the modern software development life cycle. Coupled with GitOps, CI/CD allows developers to release high-quality software almost as soon as they commit code to a repository such as GitHub.

    Automation is a key factor for implementing effective CI/CD. In this process, developers and release engineers create scripts that have all the instructions needed to test the code in a source code repository before putting it into a production environment. The process is efficient but complex. Fortunately, there are many tools that lessen the burden.

    Jenkins is one of the most popular tools used for CI/CD. Jenkins has been around for years and has undergone numerous revisions, adding features all along the way. One of the most transformative features added to Jenkins is the ability to run Jenkins Pipeline jobs driven by an automation script stored in a Jenkinsfile. Developers and release engineers can use Jenkinsfiles to combine the practices of CI/CD and GitOps into a unified deployment process. That's the focus of this article.

    We'll start with a brief refresher of what Jenkins is and how it applies to both CI/CD and GitOps. Then, I’ll guide you through how to use a Jenkinsfile to create deployments that combine CI/CD and GitOps.

  • Another Fedora integrity-management proposal [LWN.net]

    As is usual for feature proposals, Fedora program manager Ben Cotton posted it to the Fedora devel mailing list on behalf of the feature owner: Roberto Sassu. The change proposal is also on the Fedora wiki. The new feature would use the Digest Lists Integrity Module (DIGLIM) feature, which has been proposed by Sassu as an addition to the kernel's Integrity Measurement Architecture (IMA). Ensuring that file contents and metadata do not change in unexpected ways is IMA's job; DIGLIM is an optimization of sorts to IMA.

    IMA has a number of different functions, but at its core it maintains "digests" of file contents and metadata; these digests are cryptographic hashes that can be used to reliably detect file changes. IMA can also use the digests, in combination with the system's Trusted Platform Module (TPM), to calculate a value that proves that the system is running a known set of software. That value can be used to ensure the system has been securely booted or it can be sent elsewhere to remotely attest to the state of the system.

    Each file being protected by IMA needs its digest stored with the file, which is normally done using extended attributes in the filesystem. IMA can be configured to check each file before it is accessed to see if its digest still matches the stored value; if not, access can be denied. As files are assessed, their digest can be submitted to the TPM to extend a Platform Configuration Register (PCR); the resulting value is a reflection of the files measured, but it is also affected by the order of the accesses.

    According to the DIGLIM proposals (for Fedora and the patch set for the kernel), parallel execution during the assessment results in differing values from the TPM; even if the same code is used, it may result in a different attestation value. DIGLIM provides a mechanism to take a digest value of all of the files installed, instead, and use that for calculating the attestation value. Only files that have digests that were not included in the overall "installation digest" would be used to further extend the PCR in the TPM.

    It does so by providing a mechanism to enroll digest values from the installed files into a kernel "digest list", which can then be consulted as files are accessed. If the digest of a file appears on the list, it can be considered to be unchanged and its digest value does not get submitted to the TPM; otherwise, the file has been modified or was not included in the digest list at all, so access could be denied and the file's digest added into the attestation value. The latter would likely mean that the system fails its attestation.

Plots is an open-source, free app to visualize mathematical formulas

Plots is a graph plotting app for GNOME. Plots makes it easy to visualize mathematical formulae. In addition to basic arithmetic operations, it supports trigonometric, hyperbolic, exponential and logarithmic functions, as well as arbitrary sums and products. It can display polar equations, and both implicit and explicit Cartesian equations.

Zrythm Switches to GTK 4 and libadwaita Ahead of Other Digital Audio Workstations (DAWs)

Now that it’s been a while since GTK 4 was unveiled, several applications have started to make the move from GTK 3. The latest of which is Zrythm. While still in its alpha phase, this change is incredibly large and impactful, so let’s take a look at it! In case you’re curious, Zrythm is a Digital Audio Workstation, just like LMMS, Ardour, and other options in our list of best DAWs. Zrythm allows users to edit audio, and make music. It has all the essential features expected from a DAW. And, it seems to be properly working with the various audio servers desktop Linux uses (like Pulseaudio, Pipewire, etc.).

Mesa 22.0 Delays and LWN's Kernel Articles

  • Mesa 22.0 Pushed Back By Three Weeks - Phoronix

    While a lot of open-source OpenGL and Vulkan driver improvements have been landing in recent days in anticipation of the Mesa 22.0 code branching and feature freeze for Wednesday, that deadline has now been extended by three weeks. Due to problems merging some merge requests from GitLab as well as FreeDesktop.org hosting issues, Mesa 22.0 has been pushed back. Additionally, some Mesa3D developers have expressed interest in trying to squeeze in some remaining patches not yet merged.

  • Zero-copy network transmission with io_uring [LWN.net]

    When the goal is to push bits over the network as fast as the hardware can go, any overhead hurts. The cost of copying data to be transmitted from user space into the kernel can be especially painful; it adds latency, takes valuable CPU time, and can be hard on cache performance. So it is unsurprising that the developers working with io_uring, which is all about performance, have turned their attention to zero-copy network transmission. This patch set from Pavel Begunkov, now in its second revision, looks to be significantly faster than the MSG_ZEROCOPY option supported by current kernels. As a reminder: io_uring is a relatively new API for asynchronous I/O (and related operations); it was first merged less than three years ago. User space sets up a pair of circular buffers shared with the kernel; the first buffer is used to submit operations to the kernel, while the second receives the results when operations complete. A suitably busy process that keeps the submission ring full can perform an indefinite number of operations without needing to make any system calls, which clearly improves performance. Io_uring also implements the concept of "fixed" buffers and files; these are held open, mapped, and ready for I/O within the kernel, saving the setup and teardown overhead that is otherwise incurred by every operation. It all adds up to a significantly faster way for I/O-intensive applications to work. One thing that io_uring still does not have is zero-copy networking, even though the networking subsystem supports zero-copy operation via the MSG_ZEROCOPY socket option. In theory, adding that support is simply a matter of wiring up the integration between the two subsystems. In practice, naturally, there are a few more details to deal with. 

    A zero-copy networking implementation must have a way to inform applications when any given operation is truly complete; the application cannot reuse a buffer containing data to be transmitted if the kernel is still working on it. There is a subtle point that is relevant here: the completion of a send() call (for example) does not imply that the associated buffer is no longer in use. The operation "completes" when the data has been accepted into the networking subsystem for transmission; the higher layers may well be done with it, but the buffer itself may still be sitting in a network interface's transmission queue. A zero-copy operation is only truly done with its data buffers when the hardware has done its work — and, for many protocols, when the remote peer has acknowledged receipt of the data. That can happen long after the operation that initiated the transfer has completed. So there needs to be a mechanism by which the kernel can tell applications that a given buffer can be reused. MSG_ZEROCOPY handles this by returning notifications via the error queue associated with the socket — a bit awkward, but it works. Io_uring, instead, already has a completion-notification mechanism in place, so the "really complete" notifications fit in naturally. But there are still a few complications resulting from the need to accurately tell an application which buffers can be reused.

  • User-managed concurrency groups [LWN.net]

    The kernel's thread model is relatively straightforward and performs reasonably well, but that's not enough for all users. Specifically, there are use cases out there that benefit from a lightweight threading model that gives user space control over scheduling decisions. Back in May 2021, Peter Oskolkov posted a patch set implementing an abstraction known as user-managed concurrency groups, or UMCG. Several revisions later, many observers still lack a clear idea of what this patch is supposed to do, much less whether it is a good idea for the kernel. Things have taken a turn, though, with Peter Zijlstra's reimplementation of UMCG. One developer reimplementing another's patch set is likely to raise eyebrows. Zijlstra's motivation for doing that work can perhaps be seen in this message, where he notes that the UMCG code looked little like the rest of the scheduler code. He also remarked that it required "reverse engineering" to figure out how UMCG was meant to be used. By the time that work was done, perhaps, it was just easier to recast the code in the form he thought it should take. In truth, the documentation for UMCG is no better than before — a significant problem for a major proposed addition to the system-call API. But it is possible to dig through the code (and a "pretty rough" test application posted by Zijlstra) to get a sense for what is going on. In short, UMCG calls for a multi-threaded application to divide itself into "server" and "worker" threads, where there is likely to be one server thread for each CPU on the system. Server threads make scheduling decisions, while workers run according to those decisions and get the actual work done. The advantage of a system like UMCG is that scheduling can happen quickly and with little overhead from the kernel — assuming the server threads are properly implemented, of course.

today's howtos

  • How to Check MySQL User Privileges in Linux

    The first/fresh installation of MySQL on any operating system only considers the root user as the default database user. The first database transactions/activities are performed by the root user only. Therefore, it is not ideal for any user that needs access to the MySQL database to gain entry via the root user credentials. Root user access should be reserved for the database administrator who will then use the root user credentials to create database users and grant privileges to execute different database queries.

  • Fix Firefox 96.0 And 95.0.2 Not Loading Websites With DNS Over HTTPS Enabled - Linux Uprising Blog

    The latest Firefox 96.0 as well as 95.0.2 have an issue which prevents the browser from establishing any connections when DNS over HTTPS (DOH) is enabled. Simply disabling this option once enabled doesn't make the issue go away. Read on to see how to fix this. With DNS over HTTPS enabled on Firefox 96.0 and 95.0.2, besides not being able to access any websites, the browser hangs in the background when closed. The issue affects Linux, Windows, and macOS Firefox users alike.

  • How to Increase Request Timeout in NGINX – TecAdmin

    Sometimes long-running requests fail with the error message “504: Gateway Timeout” in the NGINX web server. To solve this issue, you need to increase the request timeout in the NGINX server configuration. The default NGINX request timeout is 60 seconds, which can be increased or decreased by updating the configuration files. In this quick FAQ, you will learn to change the request timeout in the NGINX web server.

  • How to Install ModSecurity 3 & OWASP Core Rule Set with Apache (HTTPD) on Fedora 35 - LinuxCapable

    ModSecurity, often referred to as Modsec, is a free, open-source web application firewall (WAF). ModSecurity was created as a module for the Apache HTTP Server. However, since its early days, the WAF has grown and now covers an array of HyperText Transfer Protocol request and response filtering capabilities for various platforms such as Microsoft IIS, Nginx, and Apache. As for how the WAF works, the ModSecurity engine is deployed in front of the web application, allowing the engine to scan the incoming and outgoing HTTP connections. ModSecurity is most commonly used in conjunction with the OWASP Core Rule Set (CRS), an open-source set of rules written in ModSecurity’s SecRules language that is highly regarded in the security industry.

  • How to Install Linux Kernel 5.16 on Linux Mint 20 - LinuxCapable

    Linux kernel 5.16 has many new features, support, and security. The Linux 5.16 kernel release has a great new feature, FUTEX2, or futex_waitv(), which aims to improve the Linux gaming experience, growing considerably with better native Linux porting for Windows games utilizing Wine. Other improvements include improved write congestion management, a task scheduler for CPU clusters sharing L2/L3 cache, amongst many other additions. More information can be found on the Linux 5.16 Kernel release changelog.

  • How to install and Configure HAProxy load balancer on Debian 11

    HAProxy is free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It distributes the load among the web and application servers. HAProxy is popular for load balancing because of its efficiency, reliability, and low memory and CPU footprint. Load balancing is a common solution for distributing web applications horizontally across multiple hosts while providing the users with a single point of access to the service. It is available for install on major Linux distributions. In this guide we will learn how to install and configure HAProxy load balancer on Debian 11.

