Over the past 3 or 4 years, my colleagues and I at Red Hat have been making a set of composable command line tools for handling virtual machine disk images. These let you copy, create, manipulate, display and modify disk images using simple tools that can be connected together in pipelines, while at the same time working very efficiently. It’s all based around the very efficient Network Block Device (NBD) protocol and NBD URI specification.

Have Microsoft Paint open-source alternative Pinta on Ubuntu 22.04 Jammy JellyFish or 20.04 Focal Fossa for image drawing and editing images. Inspired by Paint.NET, Pinta is another open-source program for Linux users with features similar to Microsoft Paint software. It is not just limited to Linux, instead, Pinta is a cross-platform that can be installed on Windows, FreeBSD, and macOS This bitmap image drawing tool is very straightforward and also offers drawing tools, image filters, and color adjustment tools but fewer feartures as compared to GIMP. However, GIMP is a little complicated for new users whereas this one is easy and focuses on usability which can be seen in its offerings. Such as unlimited undo history; Multiple language support; flexible toolbar arrangement, including floating as windows or docking around the image edge; also supports for image layers.

In this tutorial, we will show you how to install Neofetch on CentOS 9 Stream. For those of you who didn’t know, Neofetch is a free and open-source command-line tool that displays system and hardware information in a visually appealing manner. Neofetch displays an ASCII logo of your Linux distribution along with information related to your system in the terminal such as OS type, kernel version, CPU, RAM, and others. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Neofetch command-line tool that displays the system on CentOS 9 Stream.

Recently, I showed you how to deploy CouchDB as a standalone NoSQL database server, which could serve you well in small instances. This time around, I want to show you a neat trick for deploying CouchDB as a cluster using Docker. Although this method might not be ideal for production usage, it’s a great way for developers to be able to work with CouchDB in a test environment.

After deploying a platform for the storing and sharing of files and directories, one of the first things you’ll want to do is start adding and managing groups. With groups, you can better control who has access to what without having to take care of it on a user-by-user basis. By employing groups, you can add users who will inherit the permissions found within the group so it’s more efficient. But not every platform is the same and some do require a bit of extra attention to get right. One such platform is SFTPGo. Although on the surface, it looks as though it should be very simple to manage users and groups, you do have to go the extra mile to make sure it all works. Let me show you what I mean by walking you through the process of adding a group and then adding a user to that group.

What would it be like to suffer a cyberattack event, that literally closes down an entire business? That's exactly what happened to United Structures of America, a steel manufacturing company. In this episode, Jay and Joao discuss what happened, and some of the lessons learned that should cause other organizations to take a hard look at how insecure their own systems are.

Vecow introduces SOM line based on MediaTek Genio 1200/500/350 processors Vecow presented their new line of System on Module devices (SoM) at Embedded World 2022. The latest SoMs integrate MediaTek's Genio 1200, Genio 500 and Genio 350 processors. Additionally, the company has developed carrier boards for quick product development.

Introducing PyScript [LWN.net] In a keynote at PyCon 2022 in Salt Lake City, Utah, Peter Wang introduced another entrant in the field of in-browser Python interpreters. The Python community has long sought a way to be able to write Python—instead of JavaScript—to run in web browsers, and there have been various efforts to do so over the years. Wang announced PyScript as a new framework, built atop one of those earlier projects, to allow Python scripting directly within the browser; those programs have access to much of the existing Python ecosystem as well as being able to interact with the browser document object model (DOM) directly. In addition, he gave some rather eye-opening demonstrations as part of the talk. Wang began by introducing himself and the company that he runs, Anaconda, which he co-founded with Travis Oliphant ten years ago. Oliphant was the creator of NumPy and one of the founders of SciPy, both of which are cornerstones of the Python scientific-computing ecosystem. Anaconda has created a number of different tools that are used widely in the community, as well as founding the NumFOCUS non-profit and the PyData conferences. There were a number of reasons why he and Oliphant chose to focus their efforts around Python, including that the language is approachable, even by those who lack a computer-science background. Another point in its favor is that the Python community is generally welcoming and pleasant to work in. That is a "really big deal if you want to keep growing the user base". But there is another aspect of the language that makes it so desirable from his standpoint: it can be extended with binary extensions that use an API that is written in C, but can be accessed from other languages. He likens Python to "a Honda Civic with mounting bolts for a warp drive". So the language can be picked up by kids who can then pop open the trunk "and bolt on warp nacelles" that allows the code to run faster than C or C++ in some cases, Wang said. That aspect is sometimes overlooked, but it means that Python can be used in ways that other, similar languages cannot. "It's not just like Node, it's not just an alternative to Ruby". The reason Python was picked up by Wall Street firms ten or 15 years ago was because of this warp-drive capability, he said.

A new LLVM CFI implementation [LWN.net] Some kernel features last longer than others. Support for forward-edge control-flow integrity (CFI) for kernels compiled with LLVM was added to the 5.13 kernel, but now there is already a replacement knocking on the door. Control-flow integrity will remain, but the new implementation will be significantly different — and seemingly better in a number of ways. The kernel makes extensive use of indirect function calls; they are at the heart of its internal object model. Every one of those calls is a potential entry point for an attacker; if the target of the call can be somehow changed to an address of the attacker's choosing, the game is usually over. Forward-edge CFI works to thwart such attacks by ensuring that every indirect function call sends control to a code location that was actually intended to be a target of that call. Specifically, an indirect function call should only go to a known function entry point, and the prototype of the function should match what is expected at the call site. The CFI implementation merged for 5.13 works by creating "jump tables" containing all of the legitimate targets of indirect function calls in the kernel; there is one jump table for each observed function prototype. Actual indirect calls are replaced with a jump-table lookup to ensure that the intended target meets the criteria; the target should be found in the jump table corresponding to the intended function prototype. If that test fails, a kernel panic results. See this article for a more detailed description of how this mechanism works.

Disabling an extent optimization [LWN.net] In the final filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), David Howells led a discussion on a filesystem optimization that is causing various kinds of problems. Extent-based filesystems have data structures that sometimes do not reflect the holes that exist in files. Reads from holes in sparse files (i.e. files with holes) must return zeroes, but filesystems are not obligated to maintain knowledge of the holes beyond that, which leads to the problems. Howells began by describing the problem, which he first encountered with files cached using FS-Cache, but he has found that it is actually more widespread. When there is a file on an extent-based filesystem (which is ext4, XFS, and Btrfs for Linux) that has a small gap between two extents, the filesystem will sometimes merge the extents, filling in the gap with zeroes. That is done to reduce the extent list for the file, though it increases the amount of storage used on the disk. The opposite can also happen, when the filesystem sees a huge block of zeroes in a file, it can save disk space by creating two extents with a gap between them, though that is seemingly less of a problem for Howells.

NFS: the early years [LWN.net] I recently had cause to reflect on the changes to the NFS (Network File System) protocol over the years and found that it was a story worth telling. It would be easy for such a story to become swamped by the details, as there are many of those, but one idea does stand out from the rest. The earliest version of NFS has been described as a "stateless" protocol, a term I still hear used occasionally. Much of the story of NFS follows the growth in the acknowledgment of, and support for, state. This article looks at the evolution of NFS (and its handling of state) during the early part of its life; a second installment will bring the story up to the present. By "state" I mean any information that is remembered by both the client and the server, and that can change on one side, thus necessitating a change on the other. As we will see, there are many elements of state. One simple example is file content when it is cached on the client, either to eliminate read requests or to combine write requests. The client needs to know when cached data must be flushed or purged so that the client and server remain largely synchronized. Another obvious form of state is file locks, for which the server and client must always agree on what locks the client holds at any time. Each side must be able to discover when the other has crashed so that locks can be discarded or recovered.