
Monday, 29 Nov 21 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/Linux


Why We Can't Teach Cybersecurity

By Dr. Andy Farnell

I teach cybersecurity. It's something I really believe in, but it's hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset - like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a "proof" after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky's law ("there's always one more bug"). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which "the terrorists always win". Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of it. Perhaps that's a means for obsolete power hierarchies to preserve themselves, or because we don't really understand what "security" is yet. Regardless, that's the culture we have, and it's a more serious problem than you might think, much more so than software complexity or the simple greed of criminals.

My optimism is that if we can face up to facts, we can start to change and progress. It is in the nature of teachers, doctors and drill instructors that we must believe people can change. So I'll try to explore here how this mess happened, how Linux, BSD and free open source software with transparent standards are a plausible, even necessary, way out of the present computer security crisis, and why the cybersecurity courses at most universities are not helping.

We have to keep faith that complexity, bad language design and reckless software engineering practices are surmountable by smart people. Maybe one day we'll build computers that are 99.9% secure. But that is unlikely to happen for reasons recently explained by Edward Snowden, who describes an Insecurity Industry. Indeed, I was a little disappointed by Snowden's essay which does not go nearly far enough in my opinion.

For me, the Insecurity Industry is not located in a few commercial black-hat operations like Israel's NSO Group, but within the attitudes and practices running through every vein of mainstream computing. As with its leaders, a society gets the technology it deserves. As we revel in cheap imported goods, surveillance capitalism, greed, convenience, manipulation, and disempowerment of users, we reap the security we deserve.

Blaming the cyber-arms trade, the NSO or NSA for answering the demands of cops and criminals alike, is distracting. Without doubt what they are doing is wrong and harmful to everyone, but we can't have secure computing while those who want it are an educated minority. That situation will not change so long as powerful and fundamentally untrustworthy corporations with business models founded on ignorance dominate our digital lives.

Projects of digital literacy started in the nineteen eighties. They kick-started Western tech economies, but faltered in the mid nineties. Programming and "computer studies" which attempted to explain technological tools were replaced by training in Microsoft Word and Excel spreadsheets. Innovation tailed off. A generation taught to be dependent on tech, not masters of it, are fit only for what David Graeber described as Bullshit Jobs [Graeber18].

Into this vacuum rushed "Silicon Valley values" of rent seeking, piggybacking upon established standards and protocols. With a bit of spit, polish, and aggressive marketing, old lamps could be foisted upon consumers. Twenty years later we have a culture of depressed, addicted, but disenfranchised technology users [Lanier11].

We have moved from "It's more fun to compute" to "If you've nothing to fear you've nothing to hide". In other words, we've transformed digital technology from a personally empowering choice into systems of near-mandatory social command and control (see Neil Postman's Technopoly [postman93]). What advantage would any group have in securing their own chains and the weapons ranged against them? A sentiment only half-disguised in young people today is utter ambivalence toward tech.

As states move to reclaim control from social media platforms, public debate has been framed around whether Facebook and suchlike are threats to democracy and ought to be regulated. But this is merely a fragment of a larger problem and of a discussion that has never been properly widened to examine the general dangers of information technology in all its manifest forms, in the hands of governments, businesses, rogue groups and individuals alike.

For me, an elephant in the room is the colossal distance between what we teach and what we practice. Twice convicted monopolists Microsoft set back computing by decades, and in particular their impact on security has been devastating. Yet their substandard wares are still pushed into schools, hospitals and safety-critical transport roles. Even as embarrassing new holes in their products are exposed daily, lobbying and aggressive misinformation from Microsoft and other Big-Tech companies, all of which suffer from appalling privacy and security faults, continue unabated.

Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well educated individuals to opt-out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF is part of Communication COM134 of the European Commission March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots", those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.

As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service) battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A Wheeler and Richard Stallman) as the foundation of an interoperable technological society, has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.

In the UK, several institutions at which I teach are 'Microsoft customers'. I pause to use the term "Microsoft Universities", but they may as well be. Entirely in the pocket of a single corporation, all email, storage networks, and "Teams" communication are supplied by the giant. Due to de-skilling of the sector, the ICT staff, while nice enough people, lack advanced IT skills. They can use off-the-shelf corporate tools, but anything outside lockstep conformity allowed by check-box webmin interfaces is both terrifying and "not supported". I met a secondary school headmaster who seemed proud to tell me that they were not in the pockets of Microsoft, because they had "become a Google Academy". I responded that "as a Linux child", my daughter wouldn't be using any of that rubbish either.

Here's a problem; I don't use Microsoft or Google products. At one level it's an ethical decision, not to enrich aggressive bullies who won't pay proper taxes in my country. It's also a well informed technical position based on my knowledge of computer security. For me to teach Microsoft to cybersecurity students would bring professional disgrace. I won't be the first or last person to lose work for putting professional integrity first. They say "Nobody ever got fired for choosing Microsoft". At some institutions that is not merely advice, it's a threat. Security in the shadow of Big-Tech now means job-security, as in the iron rice bowl from which the compliant may feed, but educated independent thinkers must abstain.

A more serious problem is not just that companies like Google and Microsoft are expensive, controlling foreign corporations supplying buggy software, or that university administrators have given away control of our networks and systems, it's that commercial products are increasingly incompatible with teaching and research. They inject inbuilt censorship and ideological micromanagement into academies and schools.

Another is that "choice" is something of an illusion. Whatever the appearance of competition between, say, Apple and Facebook, Big-Tech companies collude to maintain interlocking systems of controls that enforce each other's shared values including sabotage of interoperability, security and inviting regulation upon themselves to better keep down smaller competitors. Big-Tech comes with its own value system that it imposes on our culture. It restricts the learning opportunities of our kids, limits workplace innovation and diversity, and intrudes into our private activities of commerce and health.

In such a hostile environment for teaching cybersecurity (which is to teach empowering knowledge, and why we call it "Ethical Hacking" 1) one may employ two possible methods. First, we can buy in teaching packages reliant entirely on off-site resources. These are the "official" versions of what computer security is. Two commonly available versions come from Cisco and the EC Council. Though slickly presented these resources suffer the same problems as textbooks in fast-changing disciplines. They very quickly go out of date. They only cover elementary material of the "Cyber Essentials" flavour, which ultimately is more about assurance than reality. And they are partial, perhaps even parochial versions of the subject arrived at by committee.

Online courses also suffer link-rot and patchy VM service that breaks lessons. Unlike in-house setups, professors or students cannot debug or change the system, itself an important opportunity for learning. Besides, the track record of Cisco with respect to backdoors no longer inspires much confidence.

The other method is to create "suitcase data-centres". A box of Raspberry Pi single board computers saves the day! The Raspberry Pi Foundation, perhaps modelled after the early digital literacy drives of Acorn/BBC has done more for British education than any dozen edu-tech companies by promoting (as much as it can) openness of hardware and GNU/Linux/Unix software.

Junk laptops running Debian (Parrot Linux) and SBCs make a great teaching setup because a tangle of real network cables, wifi antennas and flashing lights helps visualise real hacking scenarios. Professors often have to supply this equipment using our own money. I rescued a pile of 1.2GHz Intel Atom netbooks from the garbage. Because we are not allowed to connect to university networks, 3/4G hotspots are necessary, again using bandwidth paid for out of my own pocket in order to run classes. Teaching cybersecurity feels like a "forbidden" activity that we sneakily have to do despite, not because of, university support.

Teaching cybersecurity reflects a cultural battle going on right inside our classrooms. It is a battle between two versions of a technological society, two different futures. One an empowering vision of technology, the other a dystopian trap of managed dependency. Dan Geer, speaking in 2014, described cybersecurity as a manifestation of Realpolitik. Nowhere does the issue come so clearly to a head as in the schism between camps of Snowden or Assange supporters and the US State, each of which can legitimately claim the other a "traitor" to some ideal of "security".

At the everyday level there is a tension between what we might call real versus fake security. The latter is a festival of form over function, a circus of phones, apps and gizmos where appearance triumphs over reality. It's a racket of productised solutionism, assurance, certification and compliance that's fast supplanting actual security efforts. By contrast, the former is a quiet anathema to "security industry" razzle. It urges thoughtful, modest simplicity, slow and cautious change. It's about what you don't do.

So, in our second lesson we analyse the word "security" itself. Security is both a reality and a feeling. There are perhaps masculine and feminine flavours of security, one following a military metaphor of perimeters, penetration and targets, the other, as Eve Ensler [Ensler06] and Brené Brown [Brown12] allude, an inner security that includes the right to be insecure and be free from patrician security impositions "for your own good". Finally, there is the uncomfortable truth that security is often a zero-sum affair - your security means my insecurity. While "good" security is a tide that raises all ships, some people misuse security as a euphemism for wielding power.

None of these social and psychological realities fit well into the lacklustre, two dimensional models of textbook computer security. Fortunately a mature discipline of Security Engineering which does not dodge social and political factors has emerged in the UK. Ross Anderson [Anderson08] is part of a team leading such work at the Cambridge Cybercrime Centre. One take-away from lesson two is that the word "security" may not be used as a bare, abstract noun. One must ask; security for who? Security from who or what? Security to what end?

Once we begin to examine the deeper issues around device ownership, implied (but infirm) trust models, forced updates, security theatre, and conflicting cyber-laws, we see that in every important respect tech is anarchy. It's a de facto "might is right" free-for-all where much of what passes for "security" for our smartphones, online banking and personal information is "ignorant bullshit" (in the strict academic sense of bullshit according to Harry Frankfurt; that vendors and politicians don't know that they do not know what they are talking about - and care even less [Frankfurt05]).

Consequently, much of what we teach; the canonical script of "recon, fingerprinting, vulnerability analysis, vector and payload, clean-up, pivoting, escalation, keeping root…", and the corresponding canon of blue team defence (backup, intrusion detection, defence in depth, etc…) - has no context or connection to a bigger picture. It is ephemeral pop that will evaporate as technology changes leaving students with no deeper understanding of what we are trying to do by testing, protecting and repairing systems and data, or why that even matters.

We create more guards for the castles of tech-feudalism - obedient, unthinking security guards employed to carry out the whims of the management class. Leveraged by the unspoken carrot of preferential technical privilege and enforced by the stick of threatened removal of their "security status", they become administrators of new forms of political force. Challenges to grey-area behaviours beyond the legal remit of managers, are proclaimed "security breaches" unless pursued through intractable administrative routes or through appeals that can be deflected with allusions to "policy" or the abstract "security" of unseen authorities. Some of our smartest people are ultimately paid well to shut up and never to think for themselves.

There is a very serious concern that our "Ethical Hacking" courses (which contain no study of ethics whatsoever) are just creating fresh cyber-criminals. Despite the narrative that "we are desperately short of cybersecurity graduates and there are great jobs for everyone", the reality is that students graduate into an extremely competitive environment where recruitment is often hostile and arbitrary. It doesn't take them long to figure that their newfound skills are valuable elsewhere.

Years ago, it became clear to me that we must switch to a model of "Civic Cyber Security". I became interested in the work of Bruce Schneier not as a cryptographer but as an advocate of Technology In The Public Interest. National security is nothing more than the sum-total of individual earned and learned security. That means teaching children as young as five foundational attitudes that would horrify industry.

There is no room to lie back and hope Apple or Google can protect us. Organisations like the UK's National Cyber Security Centre, or US National Security Agency, which have conflicted remits, might wish to be seen as benevolent guardians. Their output has been likened by comedian Stuart Lee to "Mr Fox's guide to hen-house security". Cybersecurity can never be magically granted by those who have a deep and lasting interest in withholding it.

The business of "personal computing" has become ugly. Cybersecurity, in as much as it exists, is a conflicted and unreliable story we tell ourselves about power and tribal allegiances. We can't put on a "good guys" hat and beat "cyber-criminals" so long as we are competing with them for the same thing, exploitable clueless users.

The only questions are whether they are to be sucked dry by ransomware, "legitimate" advertising, or manipulated for political ends. If we are to engage in sincere, truthful education, then we have to call out Big-Tech for what it is; more a part of the problem than a solution. Those of us who want to explore and teach must still circumvent, improvise and overcome within institutions that pay only lip service to authentic cybersecurity because they are captured by giant corporations.

Bibliography

  • [Graeber18] David Graeber, Bullshit Jobs: A Theory, Simon and Schuster (2018).
  • [Lanier11] Jaron Lanier, You Are Not a Gadget, Vintage (2011).
  • [postman93] Neil Postman, Technopoly: The Surrender of Culture to Technology, Vintage Books, N.Y. (1993).
  • [Ensler06] Eve Ensler, Insecure at Last, Villard (2006).
  • [Brown12] Brené Brown, The Power of Vulnerability: Teachings on Authenticity, Connection and Courage, Sounds True (2012).
  • [Anderson08] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley (2008).
  • [Frankfurt05] Harry Frankfurt, On Bullshit, Princeton University Press (2005).

Footnotes:

1 A term made up to attract young students to cybersecurity while assuring parents and politicians.

About the author: Dr. Andy Farnell is a computer scientist, author and visiting professor in signals, systems and cybersecurity at a range of European universities. His recent book "Digital Vegan" uses a dietary metaphor to examine technology dependency and over-consumption.

today's leftovers

  • Linux Weekly Roundup #158

    Welcome to this week's Linux Roundup. It was a full week of Linux releases with Endless OS 4.0.0 and Deepin 20.3. We hope that you had a good week and may the be a great one ahead!

  • Putting the Open back into Open Source

    Agility has never been more important than it is in today’s disrupted digital world. Leaders in every industry are trying to find a balance between the stability that allows them to plan for the future, while creating highly agile organisations that can quickly respond to new challenges and opportunities. This agility only comes from the ability to innovate at speed, which is why open source communities are as vital as ever. According to SUSE’s recently commissioned Insight Avenue report, Why Today’s IT Leaders are Choosing Open, 84% now see open source as a way to cost-effectively drive this innovation.

  • How To Install Snap on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install Snap on Ubuntu 20.04 LTS. For those of you who didn’t know, Snap also known as Snappy is an alternative package management tool and program package format developed by Canonical, the company behind Ubuntu Linux. All the snaps are usually stored in a central repository called Snap Store from where snaps can be downloaded and installed using the snap command. Snaps work across a range of Linux distributions, which makes them a distro-agnostic upstream software deployment solution. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Snap Package Manager on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • The European Commission To Force Apple To Allow App Sideloading (NASDAQ:AAPL) | Seeking Alpha [Ed: It is NOT called SIDELOADING… it’s called INSTALLING!]

    Investors are ignoring significant regulatory developments for Apple while distracted by Apple Car speculation.

  • Unboxing Busybox: Claroty and JFrog uncovers 14 vulnerabilities

    Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others. You’re also likely to find many OT and IoT devices running BusyBox, including popular programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs)—many of which now run on Linux. As part of our commitment to improving open-source software security, Claroty’s Team82 and JFrog collaborated on a vulnerability research project examining BusyBox. Using static and dynamic techniques, Claroty’s Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. In most cases, the expected impact of these issues is denial of service (DoS). However, in rarer cases, these issues can also lead to information leaks and possibly remote code execution.

  • Perl Weekly Challenge 140: Multiplication Tables
  • Leaky Rakudo

    Yesterday the discord-bridge-bot refused to perform its 2nd job: EVAL All The Things! The EVALing is done via shell-out and requires a fair bit of RAM (Rakudo is equally slim than Santa). After about 3 weeks the fairly simple bot had grown from about half a GB to one and a half – while mostly waiting for the intertubes to deliver small pieces of text. I complained on IRC and was advised to take heap snapshots. Since I didn’t know how to make heaps of snapshots, I had to take timo’s directions towards use Telemetry. As snap(:heap) wasn’t willing to surrender the filename of the snapshot (I want to compress the file, it is going to get big over time) I had a look at the source. I also requested a change to Rakudo so I don’t have to hunt down the filename, which was fulfilled by lizmat 22 minutes later. Since you may not have a very recent Rakudo, the following snippet might be useful.

  • Nemiver debugger now in devx SFS

    Mike (mikewalsh) responded with a great link that lists lots of Linux debugger/trace tools. The EasyOS devx SFS already has the 'gdb' CLI utility, and I saw on that link, there are 'ddd' and 'nemiver' GUI frontends for gdb. I went for nemiver and compiled it. The project seems to be almost dead, but then, if it works, perhaps no need for more commits to the git repository. I chose version 0.8.2, not the latest, but it suited me to stay with a gtk+2 based app rather than gtk+3. Two dependencies, 'gtkmm' and 'libgtop', are compiled in OpenEmbedded. I compiled 'libgtksourceviewmm' and 'nemiver' in a running EasyOS and made them into PETs.

Kernel and Graphics: Linux Stuff and GPUs

  • Facebook/Meta Tackling Transparent Page Placement For Tiered-Memory Linux Systems - Phoronix

    Back during the Linux 5.15 cycle Intel contributed an improvement for tiered memory systems where less used memory pages could be demoted to slower tiers of memory storage. But once demoted that kernel infrastructure didn't have a means of promoting those demoted pages back to the faster memory tiers should they become hot again, though now Facebook/Meta engineers have been working on such functionality.  Prior to the Linux 5.15 kernel, during the memory reclaim process when the system RAM was under memory pressure was to simply toss out cold pages. However, with Linux 5.15 came the ability to shift those cold pages to any slower memory tiers. In particular, modern and forthcoming servers with Optane DC persistent memory or CXL-enabled memory, etc. Therefore the pages are still accessible if needed but not occupying precious system DRAM if they aren't being used and to avoid just flushing them out or swapping to disk. 

  • Linux 5.17 To Boast Latency Optimization For AF_UNIX Sockets - Phoronix

    Net-next has been queuing a number of enticing performance optimizations ahead of the Linux 5.17 merge window kicking off around the start of the new year. Covered already was a big TCP optimization and a big improvement for csum_partial() that is used in the network code for checksum computation. The latest optimization is improving the AF_UNIX code path for those using AF_UNIX sockets for local inter-process communication.  A new patch series was queued up on Friday in net-next for improving the AF_UNIX code. That patch series by Kuniyuki Iwashima of Amazon Japan is ultimately about replacing AF_UNIX sockets' single big lock with per-hash locks. The series replaces the AF_UNIX big lock and also as part of the series has a speed-up to the autobind behavior. 

  • Nvidia Pascal GPU, DX12 and VKD3D: Slideshow time! - Boiling Steam

    So Horizon Zero Dawn had a sale recently on Fanatical, and I thought… OK I’ll grab it! It’s time. I first installed it on my workstation that only has a GTX1060 3GB GPU – not a workhorse but a decent card nonetheless for low-to-medium end gaming. I knew very well that Horizon Zero Dawn is a DX12 game and that Pascal architecture (Nvidia 10xx basically) and earlier versions do not play very well with DX12 games running through vkd3d-proton, the DX12 to Vulkan translation layer. Still, I could imagine getting somewhere around 30 FPS on low-to-medium settings, and use FSR if necessary to get to better framerates. Nothing prepared me for the performance I was about to experience.

Linux 5.16-rc3

So rc3 is usually a bit larger than rc2 just because people had some
time to start finding things.

So too this time, although it's not like this is a particularly big
rc3. Possibly partly due to the past week having been Thanksgiving
week here in the US. But the size is well within the normal range, so
if that's a factor, it's not been a big one.

The diff for rc3 is mostly drivers, although part of that is just
because of the removal of a left-over MIPS Netlogic driver which makes
the stats look a bit wonky, and is over a third of the whole diff just
in itself.

If you ignore that part, the statistics look a bit more normal, but
drivers still dominate (network drivers, sound and gpu are the big
ones, but there is noise all over). Other than that there's once again
a fair amount of selftest (mostly networking), along with core
networking, some arch updates - the bulk of it from a single arm64
uaccess patch, although that's mostly because it's all pretty small -
and random other changes.

Full shortlog below.

Please test,

             Linus
Also: Linux 5.16-rc3 Released With Alder Lake ITMT Fix, Other Driver Fixes - Phoronix

Games: Warhammer and More

  • VR-exclusive Warhammer Age of Sigmar: Tempestfall is out, works on Linux with Proton | GamingOnLinux

    Ready to sweat a little? Jump into the bleak fantasy world of the VR-exclusive Warhammer Age of Sigmar: Tempestfall. Note: key provided for us.

    A new release from Carbon Studio, in Warhammer Age of Sigmar: Tempestfall you carry the mighty powers of a Lord-Arcanum to deliver justice through the Realm of Death. Defy the odds in challenging battles, outsmart the dark forces, and grow your power by upgrading your magical weapons to gain an edge in combat.

    Played on Linux with the Steam Play Proton compatibility layer, it's mostly smooth Warhammer melee action. Currently with Proton Experimental (Proton GE did not work at all) the main issue is small videos not loading, like the tutorial videos but it doesn't really detract from the overall experience, thankfully as the developer also explains with text below each video. As with any newer game running through Proton, there was some stuttering while building up a shader cache too, hopefully as more people play it this will be less of an issue for Linux VR gamers since there will be shaders to download from Steam.

  • The Imperium Is Driven by Hate. Warhammer Is Not.

    There are no goodies in the Warhammer 40,000 universe.

    None.

    Especially not the Imperium of Man.

  • Diving Into China's Draconian Video Game Regulations

    Even if you're against these particular regulations (what are you, in favor of fun, you monster?), there are plenty of times when China's gaming laws make more sense than ours. For instance, banning games that are entirely about simulated sexual assault, or calling out tech and gaming companies for infringing on users' rights and preventing them from building monopolies.

Kernel: Xen, Zhouyi, and Video Acceleration API (VA-API)


  • Xen pvUSB Linux Driver Patches Updated, More Than 10 Years In The Making - Phoronix

    An effort recently restarted that originally dates back many years is the "pvUSB" front-end driver for Linux to allow physical USB devices to be used within Xen domains. 

    Juergen Gross of SUSE has recently been working on this driver that dates back to the original pvUSB implementation for the Linux 2.6 kernel in 2008 by Fujitsu engineers. 

    This year he has taken to getting that code cleaned up and working against the latest upstream state of the kernel and other basic changes. While Xen is not as popular as it once was, there still are users interested in seeing this USB device support for Xen para-virtualized use-cases. 

  • Linux Driver For Arm China's Zhouyi AI Accelerator Proposed, But Lacks Open User-Space - Phoronix

    The Zhouyi AI accelerator was developed by Arm China and is found in some SoCs so far. An open-source Linux kernel driver is being worked on for it but unfortunately for now at least any mainline ambitions are immediately stalled over the lack of an open-source user-space/client. 

    A Baidu engineer posted a set of patches implementing the Zhouyi AI accelerator support in a new "zynpu" driver for the kernel. The more than five thousand lines of code provide this initial support. The Zhouyi AI accelerator is found in some Arm SoCs like the Allwinner R329. 

  • Dave Airlie: video decode: crossing the streams

    I was interested in how much work a vaapi on top of vulkan video proof of concept would be.

    My main reason for being interested is actually video encoding, there is no good vulkan video encoding demo yet, and I'm not experienced enough in the area to write one, but I can hack stuff. I think it is probably easier to hack a vaapi encode to vulkan video encode than write a demo app myself.

    With that in mind I decided to see what decode would look like first. I talked to Mike B (most famous zink author) before he left for holidays, then I ignored everything he told me and wrote a super hack.

  • Airlie Exploring Possibility Of VA-API On Top Of Vulkan Video - Phoronix

    Well known open-source Linux graphics expert David Airlie of Red Hat has recently been working on early Vulkan Video support for Mesa's Radeon "RADV" and Intel "ANV" drivers. As part of that effort and in part due to lack of software making use of Vulkan Video extensions right now, he has started exploring the feasibility of implementing the Video Acceleration API (VA-API) atop Vulkan Video.

    Airlie explained today that he has been investigating the possibility of VA-API on top of Vulkan Video, namely on the video encode side for not having any good software out there at the moment exercising the Vulkan Video encode extensions.

Google Pixel 6 and Pixel 6 Pro are seeing work for mainline Linux kernel support

Filed under
Linux
Google

The Google Pixel 6 and the Pixel 6 Pro are the first smartphones powered by the company’s in-house Tensor SoC. They also shipped with Android 12 out-of-the-box, and if you take a look at the kernel sources, you can find Linux kernel 5.10 under the hood. If you’ve already bought either device for the sake of aftermarket development, then you’ll be happy to know that Google has recently started populating a mainline Linux kernel 5.15 branch for the Pixel 6 family. What’s more interesting is that XDA Recognized Developer Freak07 has already managed to compile and boot the mainline kernel release for the device duo.

IBM/Red Hat Leftovers

Filed under
Red Hat
  • IT hiring: 5 ways to attract talent amidst the Great Resignation

    With IT job opportunities so competitive right now, professionals are leaving their roles more quickly than recent grads are able to fill them. But even on small teams, it is possible to compete with big players and attract and hire top talent.

    These days, employees are prioritizing flexibility. Having proven that they are just as productive (if not more) working from home, many folks are unwilling to go back to in-person full-time. Building out flexible work policies, focusing on upskilling, and offering competitive benefits should be a part of your plan to create a work environment tailored to the 2021 employee.

    But how do you get the right candidates in the door? Here are five ways to attract top talent that might also land your organization on the Best Places to Work list!

  • Normalize web services with Camel K and AtlasMap, Part 1

    This two-part series walks through a simple way to normalize and connect services through Camel K, a part of the Apache Camel project. The scenario in this article addresses a common problem today: Organizations find themselves with a menagerie of different services using different APIs, perhaps because of partnerships or acquisitions.

    Apache Camel makes it easy to harmonize and normalize the APIs, and its Camel K extension brings Apache Camel's operations to Kubernetes, allowing containers to expose these endpoints.

    In this article, we will focus on the benefits of choosing this framework and provide an overview of our base integration flow using Camel K to normalize a backend API. Part 2 will show you how to implement the integration flow step-by-step. We'll also cover how to simplify data mapping with AtlasMap.

  • Change deployments on the fly in OpenShift 4.8 | Red Hat Developer

    Red Hat OpenShift 4.8 introduces a very valuable—and possibly very dangerous—new feature: The ability to use a form-based editor to edit deployments. In earlier versions of OpenShift, you could edit the YAML for a Deployment object. In OpenShift 4.8, you can now do the same thing with a fill-in-the-blanks form, so you don't need to know the proper YAML formatting for values, lists, and dictionaries. The form can also prompt you with existing values where appropriate.

    Keep reading to learn why the new form-based editor is both an exciting feature and a double-edged sword.

Helvum and EasyEffects: Two great applications for PipeWire users

Filed under
Red Hat
Software

For a piece of software infrastructure, nothing is more important than good applications to showcase its features and demonstrate the possibilities it enables. Fortunately there is a very large body of existing applications because PipeWire implemented the PulseAudio and Jack APIs. This article highlights some of the great efforts undertaken in the community around creating interesting applications for PipeWire in an interview with the maintainers of two of the most popular applications built with PipeWire. They are Wellington Wallace, maintainer of EasyEffects for PipeWire and Tom Wagner, maintainer of the Helvum patchbay application for PipeWire.

Also: Rebasing Fedora Silverblue to Kinoite

MicroOS Expands Security With Keylime

Filed under
SUSE

Recently MicroOS gained some new options related to security. The distribution has now integrated Keylime, an open source project for doing remote attestation with TPMs.

If you follow the news about Windows 11, you are aware of what a TPM is. The Trusted Platform Module (TPM) is a cryptoprocessor, described by the Trusted Computing Group (TCG) in a specification that has been standardized in an ISO/IEC document. You can find the TPM already soldered onto the mainboard of your computer, but they can also be found as a service in the firmware, or inside your CPU.

This co-processor can be used for many tasks related to security. For example, we can use it to generate symmetric and asymmetric keys, encrypt some memory blocks (not too big, as they are a bit slow), or as storage for keys that can be used only by us (or applications that have permissions).

today's howtos

Filed under
HowTos
  1. How to apply a chroma key using ImageMagick

    Yesterday, I wrote a short post on the fediverse with an overview of how to take a screenshot of an app with a context menu showing in elementary OS, while keeping its alpha channel and drop shadow using Krita.

  2. Useful Tmux Configuration Examples

    This article is part 2 of my tmux series. In the previous article, you learned how to use tmux: what tmux is, how to manage multiple terminals, and how to use tmux's powerful features. However, in that article, I didn't cover much how to customize tmux. This is what this article is for. Here you'll learn some configurations that I use.

    My hope is that by exposing a list of my personal tmux configurations and my reasoning behind them, you will see a general pattern and understand it enough to make tmux your own.

  3. Beginners

    Here's the final recap. In this guide, we learned about tmux session, window, pane, and server. We learned about their relationships with each other. We also learned a little about configuring tmux. In the next article, you will learn more about configuring tmux in detail. I will update this guide with the link to the next article when it is ready.

  4. Install Zentyal and Add Windows to Primary Domain Controller

    This series will be titled Preparation for the setting up and managing Zentyal as PDC (Primary Domain Controller) through Parts 1-14 and covers the following topics.

  5. How to Access Command History on Linux

    With a large and mature feature set, it's easy to see why Bash is the default shell on many Linux distributions. It faces competition for power users, however, from alternatives such as Zsh.

  6. Setting up an NFS Server and Client on Debian 9 (Stretch)

    This guide explains how to set up an NFS server and an NFS client on Debian 9. NFS stands for Network File System; through NFS, a client can access (read, write) a remote share on an NFS server as if it was on the local hard disk. In this tutorial, I will show you two different NFS exports: the export of a client directory that stores files as user nobody/nogroup without preserving filesystem permissions, and an export of the /var/www directory which preserves permissions and ownership of files, as required on a hosting server setup.

  7. How to Install balenaEtcher on Debian 11 Bullseye - LinuxCapable

    balenaEtcher is a free and open-source flashing utility tool famous for writing image files such as .iso and .img files and zipped folders onto storage media to create live SD cards and USB flash drives. balenaEtcher has cross-platform support on Linux, BSD, macOS, and Windows and is developed by balena and licensed under Apache License 2.0.

    In the following tutorial, you will learn how to install balenaEtcher on Debian 11 Bullseye and how to create a Linux distribution boot disk.

  8. How to create an EC2 Instance using Python Boto3

    In this article we will see how we can create an EC2 instance using Python Boto3. We will use the "create_instances" method to create an instance. There are many more methods that come under EC2 instance service, to know about them visit the official page of Boto3 here. All these different methods help create different resources which come under EC2 Service of AWS.

  9. How to install Mysql Server 8 on Debian 11 – Citizix

    MySQL is an open-source relational database management system. It's one of the popular relational management systems.

    Mysql is commonly installed as part of the popular LAMP or LEMP (Linux, Apache/Nginx, MySQL/MariaDB, PHP/Python/Perl) stack. It implements the relational model and Structured Query Language (SQL) to manage and query data.

    In this guide we are going to install mysql 8 on Debian 11.

  10. How to install Toontown Rewritten 1.3.0 on a Chromebook

    Today we are looking at how to install Toontown Rewritten on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  11. How to install and set up Jenkins in Debian 11

    In this Guide we are going to learn how to install and configure Jenkins in a Debian 11 Server.

    Jenkins is a popular open-source automation tool to perform continuous integration and build automation. Jenkins allows you to execute a predefined list of steps, e.g. to compile golang source code to build a binary file. The trigger for this execution can be time or event based.

  12. How to play Roblox on Linux

    Roblox is officially supported on a wide range of platforms, but Linux is missing from that list. Though it doesn’t have official support, you can still play Roblox on Linux.

    It takes effort to get Roblox running on Linux. But it isn’t impossible. The trick is to use the Wine compatibility layer. This will allow Windows programs to run on Linux like Roblox Player and Studio.

  13. Analyzing Webserver logs with Logstalgia - LinuxTechLab

    There are many tools available to analyze the web server logs but none is as interesting as logstalgia. Logstalgia is a real-time website visualization tool that analyzes the web server logs & presents them in a manner that server logs appear like they are playing ping-pong.

    Requests appear as colored balls (the same color as the host) which travel across the screen to arrive at the requested location. Successful requests a

  14. dust command in Linux - Unixcop the Unix / Linux the admins deams

    Hello, friends. In this post, we will help you with another great little utility for our terminal. Today you will learn how to use the dust command in Linux. This command allows us to have a more advanced view of the disk size of system directories.

  15. Merge changes with git diff and patch | Enable Sysadmin

    Sysadmins modify lots of files. Sometimes they're code. Other times they're configuration files, YAML playbooks, XML, policy documents, kickstart files, and probably a few takeaway lunch orders, too. It's important to track what you've changed and share your changes with others who may need to adjust their local copies of files.

Best Free and Open Source Alternatives to Adobe XD

Filed under
Software
OSS

We are long-standing admirers of Adobe’s products. They develop many high quality proprietary programs. It’s true there are security and privacy concerns in relation to some of their products. And there’s considerable criticism attached to their pricing practices. But the real issue is Adobe Creative Cloud does not support Linux. And there’s no prospect of support forthcoming.

What if you are looking to move away from Adobe and embark on a new world of online freedom, where you are not tracked, monetised and attached to Adobe’s ecosystem? We only recommend free and open source alternatives. Our recommended software doesn’t necessarily replicate every feature of their Adobe counterparts but they offer sufficient functionality for many tasks.

5 open source alternatives to Microsoft Exchange

Filed under
OSS

For decades, Microsoft Exchange has ruled the market for email and groupware services. This top dog dominates the corporate world, and the omnipresent Outlook mail client has become the de facto standard for groupware. Since Exchange is closely integrated with Microsoft's Office products, users have access to a wide variety of productivity software and features, whether they're using a desktop or a mobile client.

However, many companies have concerns about storing their data in the Microsoft cloud. In this article, I look at some open source alternatives and their advantages. It's not just about becoming vendor-independent and reducing costs; it's about using software with open standards and a different level of security—for the groupware server itself and the operating system behind it.

Amazon Linux 2022 Launched, Completely Re-based with Fedora

Filed under
Linux
News

Amazon Linux 2022 to be based upon Fedora Linux and available via AWS AMIs. We wrap up the announcement and express our views about this change in terms of FOSS ecosystem.

today's leftovers

Filed under
Misc
  • Use symbolic constants instead of magic numerical constants – EasyHack

    There are many situations where you need to use numerical constants in your code. If you use numerical literal values directly instead of symbolic constants, it can cause problems. For example, consider this piece of code that calculates the area of a circle:

    double area = 3.14 * r * r;

    This is not OK, because:

    1. The value of π is not 3.14 nor 3.141592. π is an irrational number, and the suitable value depends on the number of decimal places that you can/want to use among unlimited decimals of π.

    2. Suppose that you want to change the numerical literal to increase the number of decimals that you use. You should search for 3.14, and check one by one to see if it is actually π, or it is another 3.14 unrelated to the well-known mathematical constant.

  • WhiteSource Adds SBOM Tool That Lists Vulnerabilities [Ed: WhiteSource is almost a de facto Microsoft proxy [1, 2, 3]]

    WhiteSource has added a software bill of materials (SBOM) tool to its portfolio that, in addition to capturing the components of an application, also surfaces vulnerabilities that should be addressed.

  • Entire Rust moderation team resigns • The Register

    The Rust language community is in disarray following the resignation of the entire moderation team, citing the "structural unaccountability" of the core development team.

    The moderation team, represented by Andrew Gallant, posted its resignation to GitHub yesterday, stating that it was "done in protest of the Core Team placing themselves unaccountable to anyone but themselves."

    Therefore, the post goes on to explain, "we have been unable to enforce the Rust Code of Conduct [CoC] to the standards the community expects of us."

  • FSFE Calls for 'Device Neutrality' in EU's Proposed 'Digital Markets Act' - FOSS Force

    In a press release issued Monday ahead of a planned preliminary vote on the EU’s proposed Digital Markets act by the Internal Market and Consumer Protection Committee, the Free Software Foundation Europe called for device neutrality to be included in the proposed law.

    The German-based FSFE is a sister organization to the Free Software Foundation, although the two are legally and financially separate entities.

    “On the imminent voting of the Digital Markets Act – the latest EU proposal on internet platform regulation – the FSFE demands device neutrality as a fundamental element for safeguarding consumer protection in open, fair, and contestable digital markets,” the FSFE said in its statement.

  • Software Freedom Conservancy donors challenged with largest match yet - Software Freedom Conservancy

    Donations will be matched (up to $159,191) thanks almost entirely to contributions by a few very generous anonymous donors. Contributions by individuals keep Software Freedom Conservancy afloat, and it's with your help that we are empowered to do the vital and sometimes overlooked work in software freedom. We also have some gracious donors who brought the amount up a little more to the prime number you see above: Chris Neugebauer and Josh Simmons, Mark Galassi, Stephen Paul Weber, Tony Sebro, and VM Brasseur are contributing to our match fund and encourage others to give as well.

  • Deepin 20.3 Run Through - Invidious

    In this video, we are looking at Deepin 20.3. Enjoy!

  • Deepin 20.3

    Today we are looking at Deepin 20.3. It comes with Linux Kernel 5.10 and uses about 1.5 - 1.9GB of ram when idling.

  • Crusader Kings III: Royal Court releases February 8, 2022 | GamingOnLinux

    With the Crusader Kings III: Royal Court expansion, would-be monarchs will have new ways to manage courts, build nations, and display the prestige of their dynasty for everyone in the realm to see. It's now set to release on February 8, 2022.

    This is the first major expansion for the game, that has gone on to receive a very warm reception from players both new and old with it seeing now over 42,000 user reviews on Steam with a Very Positive rating. We enjoyed it a lot here too, so we're also very much looking forward to this!

  • Vulkan 1.2.200 Released With Two New Extensions - Phoronix

    Out today is Vulkan 1.2.200 as the newest spec revision to the Vulkan graphics/compute API.

    With Vulkan 1.2.200 is the usual assortment of clarifications and corrections to this leading cross-platform graphics API. But besides that usual documentation churn, there are also two new extensions: VK_ARM_rasterization_order_attachment_access and VK_EXT_depth_clip_control.

  • Linux Prepares For Next-Gen AMD CPUs With Up To 12 CCDs - Phoronix

    The latest Linux kernel patches confirm that next-gen AMD Zen processors are capable of featuring up to twelve CCDs.

    Currently the k10temp Linux driver for temperature monitoring of AMD processors can handle up to eight core-complex dies (CCDs) while next-gen AMD Zen processors will have configurations up to 12 CCDs to accommodate higher core counts.

    The latest Linux patches explicitly say, "The newer AMD Family 19h Models 10h-1Fh and A0h-AFh can support up to 12 CCDs. Update the driver to read up to 12 CCDs."

IBM/Red Hat: Scott McCarty and TCS

Filed under
Red Hat
  • 253: Keepin IT RHEL with Red Hat's Scott McCarty - Destination Linux

    This week’s episode of Destination Linux, we are speaking with Scott McCarty of Red Hat about their latest RHEL innovations. Then we talk a little Dungeons & Dragons with a callout to the community to get a D&DLN live session going. Plus we’ve also got our famous tips, tricks and software picks. All of this and so much more this week on Destination Linux. So whether you’re brand new to Linux and open source or a guru of sudo. This is the podcast for you.

  • Scott McCarty: What is open core? [Ed: Proprietary software disguised as “open”, i.e. #openwashing]

    What is open core? Is a project open core, or is a business open core? That's debatable. Like open source, some view it as a development model, others view it as a business model. As a product manager, I view it more in the context of value creation and value capture.

  • Deep dive into application integration with our TCS partner – IBM Developer

    Integrating and connecting your various applications with the right data across multiple clouds can be a daunting task. IBM Cloud Pak for Integration is an enterprise-ready, containerized software solution containing all the tools you need to integrate and connect application components and data within and between clouds. These tools include application integration, API integration, enterprise messaging and event streaming.

    Earlier this year, I collaborated with Santhosh Ramanathan, a Cloud Pak for Integration (CP4I) Consultant from TCS, to develop an entire series on all the significant features of CP4I for the Partner Developer Success Program. TCS, a leading global IT services, consulting, and business solution organization, has been an incredible partner with IBM. This program was built with a focus on educating the developer community through partner collaboration. We decided to work together to break our series into three significant parts. Here is how it went:

Firefox on EGL and PPC

Filed under
Moz/FF
  • Firefox Brings The Fire: Shifting From GLX To EGL | Hackaday

    You may (or may not) have heard that Firefox is moving from GLX to EGL for the Linux graphics stack. It’s an indicator of which way the tides are moving in the software world. Let’s look at what it means, why it matters, and why it’s cool.

    A graphics stack is a complex system with many layers. But on Linux, there needs to be an interface between something like OpenGL and a windowing system like X11. X11 provides a fundamental framework for drawing and moving windows around a display, capturing user input, and determining focus, but little else. An X11 server is just a program that manages all the windows (clients). Each window in X11 is considered a client. A client connects to the server over a Unix process socket or the internet.

    OpenGL focuses on what to draw within the confines of the screen space given by the window system. GLX (which stands for OpenGL Extension to the X window system) was originally developed by Silicon Graphics. It has changed over the years, gaining hardware acceleration support and DRI (Direct Rendering Interface). DRI is a way for OpenGL to talk directly to the graphical hardware if the server and the client are on the same computer. At its core, GLX provides OpenGL functions to X11, adds to the X protocol by allowing 3d rendering commands to be sent, and an extension that reads rendering commands and passes them to OpenGL.

  • Do you run Void on your Power Mac?

    If so, heads up, because builds for your configuration may be ending soon (along with Void PPC on big-endian platforms generally). If you want this to continue, and you've got the interest, chops or gumption, you can help by becoming a maintainer -- take a look at the Void PPC Github. Most of you are probably running the glibc variant, which will end by January 2023, but if you are running musl-based packages those repos will be taken down by the end of 2021. Don't whine to the maintainer, please: the current matrix is four different repos which all require their own maintenance and builds. Even just 32-bit glibc would probably benefit a whole lot of people and yourself. If this is important to you, there's no time like the present to step up.

today's howtos

Filed under
HowTos
  • How to install Python 3.11 on Fedora 35 – NextGenTips

    In this tutorial, we are going to learn how to install Python 3.11 on Fedora 35.

    Python programming language is an interpreted high-level general-purpose programming language. Its design philosophy emphasizes code readability with its use of significant code indentation.

    We can begin by installing a python 3 interpreter on our system. This is a program that reads Python programs and carries out their instructions, you need it before you can begin python programming.

  • How to install and configure MongoDB 5 on Ubuntu 20.04

    In this guide we are going to learn how to install MongoDB 5.0 Community Edition on an Ubuntu 20.04 server.

    MongoDB is a cross-platform document-oriented NoSQL database program that uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License.

    MongoDB was built for people building internet and business applications who need to evolve quickly and scale elegantly. Companies and development teams of all sizes use MongoDB for a wide variety of reasons.

    Instead of storing data in tables of rows or columns like SQL databases, each record in a MongoDB database is a document described in BSON, a binary representation of the data. Applications can then retrieve this information in a JSON format.

  • How to install and set up Jenkins in FreeBSD 13

    In this Guide we are going to learn how to install and configure Jenkins in a FreeBSD 13 Server.

    Jenkins is a popular open-source automation tool to perform continuous integration and build automation. Jenkins allows you to execute a predefined list of steps, e.g. to compile golang source code to build a binary file. The trigger for this execution can be time or event based.

  • How to watermark a UTF-8 plain text file

    Watermarking plain text isn't easy. Plain text files don't have headers (or magic numbers), and although you can insert invisible control characters, those characters may get revealed by text editors and word processors.

  • How To Install Wireguard on Debian 11 - idroot

    In this tutorial, we will show you how to install Wireguard on Debian 11. For those of you who didn’t know, Wireguard is one of the well-known and great open-source VPN solutions. Wireguard aims for better performance and more power than IPsec and OpenVPN. Wireguard protocol passes traffic over UDP.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Wireguard VPN server on a Debian 11 (Bullseye).

Audio/Video: WordPress and More

Filed under
GNU
Linux
Software
  • A Look at WordPress 5.9

    WordPress 5.9 is expected to be a ground-breaking release. It will introduce the next generation of themes with Twenty Twenty-Two joining the fun and over 30 theme blocks to build all parts of your site. In anticipation of the January 25th release, we hope you enjoy this sneak peek of 5.9.

    New design tools will allow you to create exactly what you want, from adding filters to all your images to fine-tuning the border radius on all your buttons. With WordPress 5.9 providing more design control along with streamlined access to patterns, you can easily change the entire look and feel of your site without switching themes.

  • Zenith: Like Htop But With Zoomable Graphs? - Invidious

    It's been a while since we last looked at an htop clone but there's shortage of them; this is zenith, which is like htop but also with zoomable graphs. At the time of recording the GitHub made no indication of the GPU graph only being available on Nvidia cards. I recorded this about 2 months ago and in that time nothing major has changed.

  • Linux Command-Line Tips & Tricks: Over 15 Examples! - Invidious

    The number of command combinations you can come up with on the Linux command-line is seemingly endless, and there are some real gems out there that you might not know about. In this video, Jay goes over some of his favorite command combos, time-saving tricks, and other various tips he wishes he learned sooner.

Security Leftovers

Filed under
Security
  • Imunify360 Flaw Can Lead to Code Execution [Ed: Security should never be an "addon"; it should be a design trait]

    There is a vulnerability in some versions of the Imunify360 web server security platform that can allow an attacker to execute arbitrary code in some specific circumstances.

    The vulnerability is a PHP deserialization issue and it exists in versions 5.8 and 5.9 of Imunify360, a product designed to detect malware and other security issues on web-hosting servers. Researchers at Cisco Talos discovered the vulnerability, which is in the Ai-Bolit functionality of the product. The researchers found that an attacker can exploit it in a couple of different ways.

  • Guarding against DCSync attacks

    Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that adversaries accomplish this is through DCSync attacks.

  • Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast [Ed: They now post "SPONSORED CONTENT" attacking the security credibility of Linux]
  • Addressing CPAN vulnerabilities related to checksums

    This blog post addresses checksum and signature verification vulnerabilities affecting CPAN, the cpan client, and the cpanm client, which were published in a security advisory on 23rd November 2021. If you're not aware of this topic, you might like to start by reading the advisory. This post gives a high-level description of the issues, what has been done to address them, what is still left to do, and what you should do. If you have any questions on this, you can add comments here, or email the PAUSE admins (modules at perl dot org).

    Before we dig into the details, we'll first give an overview of how the relevant parts of the CPAN ecosystem work.

today's howtos

Filed under
HowTos
  1. How to play Fable Anniversary on Linux

    Fable Anniversary is a remaster for Fable: The Lost Chapters by Lion Head Studios and Microsoft Game Studios. The remake was released on Steam in 2014, and there is no plan for a Linux release. However, with a few tweaks, you can get the game working on Linux.

  2. How to install the Elementary OS desktop on Arch Linux

    Elementary OS is a great operating system with a beautiful desktop environment. Unfortunately, Elementary OS’s desktop is attached to Ubuntu. While Ubuntu is a decent operating system, it’s not as versatile as Arch Linux.

    If you love Arch Linux and want to use the Elementary OS desktop environment, you can. The Pantheon desktop is now in the official Arch Linux repos and can be installed. Here’s how to get it working on your system.

  3. Really lossy compression of JPEG

    Suppose you have a tool that archives images, or scientific data, and it has a test suite. It would be good to collect sample files for the test suite, but they are often so big one can't really bloat the repository with them.

    But does the test suite need everything that is in those files? Not necessarily. For example, if one's testing code that reads EXIF metadata, one doesn't care about what is in the image.

    That technique works extremely well. I can take GRIB files that are several megabytes in size, zero out their data payload, and get nice 1Kb samples for the test suite.

  4. LibreOffice Releases User Guides for Impress and Calc 7.2 - FOSS Force

    LibreOffice, the open source office productivity suite, announced on Tuesday the release of new user guides for two components of LibreOffice 7.2.

    Available now for free download are Impress Guide 7.2, for the suite’s slide presentation component (similar to PowerPoint), and Calc Guide 7.2, for LibreOffice’s spreadsheet component. A guide is already available for LibreOffice Writer 7.2, as well as a 7.2 Getting Started guide.

    These are remarkably complete guides, with the smallest (Impress) weighing in at 372 pages and the largest (Calc) containing 547 pages.

  5. Jolla/Sailfish OS: Developing our Developer Docs

    From a technical perspective Jolla has for a long time operated a three-pillar strategy; those pillars being Sailfish OS, Android App Support and our Developer Offering. If you watched Sami’s recent presentation at the ten year celebrations in Berlin, you’ll have seen the last of these highlighted as one of our unique assets: a “World-Class Developer Experience”.

  6. How to install Balena Etcher on Debian 11 Bullseye - Linux Shout

    Tutorial to install and run Balena Etcher on Debian 11 Bullseye Linux using command line terminal (repository) or portable AppImage.

    Etcher is an open-source tool to write ISO/Image files on a USB stick or SD card. It is available to run for all mainstream OS such as Linux, Windows, and macOS. Furthermore, in addition to the installer version, Windows also has a portable Etcher version that can be used without installation.

    Use this program to write image files to removable media. It supports various image formats such as *.iso, *.img, *.bin and also packed variants. The program also recognizes whether the image is bootable. Optionally, the successful write process can also be compared with the image file in order to identify damaged data carriers.

  7. The Calc Guide 7.2 is at the Station!

    This 548 pages guide is for beginner to advanced users of Calc, the spreadsheet component of LibreOffice. You may be new to spreadsheet software, or you may be familiar with another program, this book covers the main features of Calc. The new Calc guide has been updated from Calc Guide 7.1. It covers changes that are visible in the user interface, including the new Search Commands tool, the global toolbar lock, details of the properties dialog, improvements in the Status and Sidebar, new menu entries, standard filter dialog and new cross-shaped cursor.

    The book also introduced contents on user interface variants, AutoInput tool, the Find toolbar, the Paste Special dialog, the AutoFilter tool, template dialogs, QR code generation, multi-column feature for text boxes, updates on the Solver, Print, PDF and Certificate dialogs, as well as External data tool for HTML tables, updates on the Scriptforge library and the new built-in UNO object inspector.

  8. How and When to Update openSUSE Tumbleweed | Blathering – CubicleNate's Techpad

    I am often asked how often and when I update my openSUSE Tumbleweed machines. There are lots of opinions out there and many of them might be more right than my own, but my method has been reliable for my uses for about four years and counting. I run openSUSE Tumbleweed and openSUSE Leap on various machines using multiple architectures and I am quite confident that my methods are sound. Ultimately, the frequency you update has to work with you, your use cases and your network limitations. It should also be noted, when doing an “update” in Tumbleweed, it is a full on Distribution Upgrade, not just the updating of packages as you would perform on an openSUSE Leap machine. I am using “Update” in the most general term possible. I had much consternation over this title, as a consequence of knowing the difference between update and distribution-upgrade.

    It is generally considered best to keep your system as up to date as possible, at all times to prevent nefarious actors from gaining access to your system and your data. I also realize that this is not always practical and as such have been noodling around what kind of frequency one should do their updates. This is a question I receive rather frequently and decided that I am going to blather a bit about how and when to update while including some of the difficulties I have experienced over the year.

  9. Using SlickStack to Install WordPress Automatically on Ubuntu 20.04 - ByteXD

    SlickStack is essentially a collection of scripts for quickly and easily installing WordPress, with Nginx as a web server, on Ubuntu LTS.

    It aims at making it easier for users to deploy lightweight, fast and secure WordPress websites, and guides users and helps them secure their server during the installation process.

    This is especially useful for new users who just need to painlessly setup a fast and secure WordPress website on a cheap Ubuntu server, which can be cheaper and faster than paying for shared hosting. These servers usually cost $5-$10.

    The philosophy of SlickStack can be found towards the end of their main page at slickstack.io. That, along with the fact that the developer is very experienced in web hosting and passionate about the project, are the factors that I think make SlickStack worth considering for your projects.

    The developer is very helpful and frequently asks for feedback regarding the direction of SlickStack, so they can improve. This is very important, because if you adopt a software for your long term project, you want to know that software will stay up-to-date, will get new features, and will patch any potential vulnerabilities.

    In this article we’ll go over how to use SlickStack to install WordPress on a server running Ubuntu 20.04 LTS, as well as give you a basic overview of some of its options. We won’t be able to cover all of its options, however, so be sure to check their Github and slickstack.io for more in-depth info.

Kernel: Linux in Android, Networking Optimisations, and CFS Zen Tweaks

  • Google’s Generic Kernel Image is the next step towards solving Android’s fragmentation problem

    Google has been working on reducing fragmentation on Android for years, though part of the cause of that is the inherent nature of Android and the dual-edged sword of choice and freedom. There are countless OEMs active in the space, and all of them want to make their own modifications for their own devices. The problem then is that it looks like Android OS updates are slow to roll out across the board, but there’s not a lot that Google can actually do to force OEMs to update their devices. As such, the next best thing that Google can do is make the update process as easy and frictionless as possible.

  • Another Sizable Performance Optimization To Benefit Network Code With Linux 5.17 - Phoronix

    Last week I wrote about a big TCP performance optimization having been queued up into net-next for Linux 5.17. That optimization can yield significant TCP throughput improvements especially with today's high-end 100Gb+ network hardware. There is now another separate juicy optimization to benefit the Linux network performance in the next kernel cycle.

    This completely separate optimization, which will also benefit the Linux 5.17 network code path, is optimizing the x86_64 csum_partial() function. This latest optimization also comes from Google's Eric Dumazet.

  • Get Better Desktop Responsiveness Under Heavy CPU Load Using CFS Zen Tweaks - Linux Uprising Blog

    CFS Zen Tweaks is a bash script and systemd service that tweak the Linux CPU scheduler for better desktop responsiveness when under heavy CPU utilization.

    The default kernel settings are not tweaked for desktop usage, with high throughput being prioritized over latency, notes the CFS Zen Tweaks author. This results in a less responsive desktop under heavy CPU load. Using CFS Zen Tweaks, you should notice an improved desktop responsiveness - for example, its author mentions that before using this, YouTube would lag while compiling code, and that's no longer the case using the CFS Zen tweaks.

    The CFS Zen Tweaks project adjusts the default kernel CPU scheduler (CFS or Completely Fair Scheduler) for better desktop responsiveness. The CFS CPU scheduler settings come from Linux ZEN kernel, which was created to provide a better Linux kernel for everyday systems.
    Note that only the CFS CPU scheduler tweaks are used from the ZEN kernel, while this custom kernel also has other tweaks.

Why We Can't Teach Cybersecurity

By Dr. Andy Farnell

I teach cybersecurity. It's something I really believe in, but it's hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset - like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a "proof" after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky's law ("there's always one more bug"). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which "the terrorists always win". Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of it. Perhaps that's a means for obsolete power hierarchies to preserve themselves, or because we don't really understand what "security" is yet. Regardless, that's the culture we have, and it's a more serious problem than you might think, much more so than software complexity or the simple greed of criminals.

My optimism is that if we can face up to facts, we can start to change and progress. It is in the nature of teachers, doctors and drill instructors that we must believe people can change. So I'll try to explore here how this mess happened, how Linux, BSD and free open source software with transparent standards are a plausible even necessary way out of the present computer security crisis, and why the cybersecurity courses at most universities are not helping.

We have to keep faith that complexity, bad language design and reckless software engineering practices are surmountable by smart people. Maybe one day we'll build computers that are 99.9% secure. But that is unlikely to happen for reasons recently explained by Edward Snowden, who describes an Insecurity Industry. Indeed, I was a little disappointed by Snowden's essay which does not go nearly far enough in my opinion.

For me, the Insecurity Industry is not located in a few commercial black-hat operations like Israel's NSO Group, but within the attitudes and practices running through every vein of mainstream computing. As with its leaders, a society gets the technology it deserves. As we revel in cheap imported goods, surveillance capitalism, greed, convenience, manipulation, and disempowerment of users, we reap the security we deserve.

Blaming the cyber-arms trade, the NSO or NSA for answering the demands of cops and criminals alike, is distracting. Without doubt what they are doing is wrong and harmful to everyone, but we can't have secure computing while those who want it are an educated minority. That situation will not change so long as powerful and fundamentally untrustworthy corporations with business models founded on ignorance dominate our digital lives.

Projects of digital literacy started in the nineteen eighties. They kick-started Western tech economies, but faltered in the mid nineties. Programming and "computer studies" which attempted to explain technological tools were replaced by training in Microsoft Word and Excel spreadsheets. Innovation tailed-off. A generation taught to be dependent on tech, not masters of it, are fit only for what David Graeber described as Bullshit Jobs [Graeber18].

Into this vacuum rushed "Silicon Valley values" of rent seeking, piggybacking upon established standards and protocols. With a bit of spit, polish, and aggressive marketing, old lamps could be foisted upon consumers. Twenty years later we have a culture of depressed, addicted, but disenfranchised technology users [Lanier11].

We have moved from "It's more fun to compute" to "If you've nothing to fear you've nothing to hide". In other words, we've transformed digital technology from a personally empowering choice into systems of near-mandatory social command and control (see Neil Postman's Technopoly [postman93]). What advantage would any group have in securing their own chains and the weapons ranged against them? A sentiment only half-disguised in young people today is utter ambivalence toward tech.

As states move to reclaim control from social media platforms, public debate has been framed around whether Facebook and suchlike are threats to democracy and ought to be regulated. But this is merely a fragment of a larger problem and of a discussion that has never been properly widened to examine the general dangers of information technology in all its manifest forms, in the hands of governments, businesses, rogue groups and individuals alike.

For me, an elephant in the room is the colossal distance between what we teach and what we practice. Twice convicted monopolists Microsoft set back computing by decades, and in particular their impact on security has been devastating. Yet their substandard wares are still pushed into schools, hospitals and safety-critical transport roles. Even as embarrassing new holes in their products are exposed daily, lobbying and aggressive misinformation from Microsoft and other Big-Tech companies, all of which suffer from appalling privacy and security faults, continues unabated.

Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well educated individuals to opt-out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF is part of Communication COM134 of the European Commission March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots", those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.

As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service) battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A Wheeler and Richard Stallman) as the foundation of an interoperable technological society, has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.

In the UK, several institutions at which I teach are 'Microsoft customers'. I pause to use the term "Microsoft Universities", but they may as well be. Entirely in the pocket of a single corporation, all email, storage networks, and "Teams" communication are supplied by the giant. Due to de-skilling of the sector, the ICT staff, while nice enough people, lack advanced IT skills. They can use off-the-shelf corporate tools, but anything outside lockstep conformity allowed by check-box webmin interfaces is both terrifying and "not supported". I met a secondary school headmaster who seemed proud to tell me that they were not in the pockets of Microsoft, because they had "become a Google Academy". I responded that "as a Linux child", my daughter wouldn't be using any of that rubbish either.

Here's a problem; I don't use Microsoft or Google products. At one level it's an ethical decision, not to enrich aggressive bullies who won't pay proper taxes in my country. It's also a well informed technical position based on my knowledge of computer security. For me to teach Microsoft to cybersecurity students would bring professional disgrace. I won't be the first or last person to lose work for putting professional integrity first. They say "Nobody ever got fired for choosing Microsoft". At some institutions that is not merely advice, it's a threat. Security in the shadow of Big-Tech now means job-security, as in the iron rice bowl from which the compliant may feed, but educated independent thinkers must abstain.

A more serious problem is not just that companies like Google and Microsoft are expensive, controlling foreign corporations supplying buggy software, or that university administrators have given away control of our networks and systems, it's that commercial products are increasingly incompatible with teaching and research. They inject inbuilt censorship and ideological micromanagement into academies and schools.

Another is that "choice" is something of an illusion. Whatever the appearance of competition between, say, Apple and Facebook, Big-Tech companies collude to maintain interlocking systems of controls that enforce each other's shared values including sabotage of interoperability, security and inviting regulation upon themselves to better keep down smaller competitors. Big-Tech comes with its own value system that it imposes on our culture. It restricts the learning opportunities of our kids, limits workplace innovation and diversity, and intrudes into our private activities of commerce and health.

In such a hostile environment for teaching cybersecurity (which is to teach empowering knowledge, and why we call it "Ethical Hacking" 1) one may employ two possible methods. First, we can buy in teaching packages reliant entirely on off-site resources. These are the "official" versions of what computer security is. Two commonly available versions come from Cisco and the EC Council. Though slickly presented these resources suffer the same problems as textbooks in fast-changing disciplines. They very quickly go out of date. They only cover elementary material of the "Cyber Essentials" flavour, which ultimately is more about assurance than reality. And they are partial, perhaps even parochial versions of the subject arrived at by committee.

Online courses also suffer link-rot and patchy VM service that breaks lessons. Unlike in-house setups, professors or students cannot debug or change the system, itself an important opportunity for learning. Besides, the track record of Cisco with respect to backdoors no longer inspires much confidence.

The other method is to create "suitcase data-centres". A box of Raspberry Pi single board computers saves the day! The Raspberry Pi Foundation, perhaps modelled after the early digital literacy drives of Acorn/BBC has done more for British education than any dozen edu-tech companies by promoting (as much as it can) openness of hardware and GNU/Linux/Unix software.

Junk laptops running Debian (Parrot Linux) and SBCs make a great teaching setup because a tangle of real network cables, wifi antennas and flashing lights helps visualise real hacking scenarios. Professors often have to supply this equipment using our own money. I rescued a pile of 1.2GHz Intel Atom netbooks from the garbage. Because we are not allowed to connect to university networks, 3/4G hotspots are necessary, again using bandwidth paid for out of my own pocket in order to run classes. Teaching cybersecurity feels like a "forbidden" activity that we sneakily have to do despite, not because of, university support.

Teaching cybersecurity reflects a cultural battle going on right inside our classrooms. It is a battle between two versions of a technological society, two different futures. One an empowering vision of technology, the other a dystopian trap of managed dependency. Dan Geer, speaking in 2014, described cybersecurity as a manifestation of Realpolitik. Nowhere does the issue come so clearly to a head as in the schism between camps of Snowden or Assange supporters and the US State, each of which can legitimately claim the other a "traitor" to some ideal of "security".

At the everyday level there is a tension between what we might call real versus fake security. The latter is a festival of form over function, a circus of phones, apps and gizmos where appearance triumphs over reality. It's a racket of productised solutionism, assurance, certification and compliance that's fast supplanting actual security efforts. By contrast, the former is a quiet anathema to "security industry" razzle. It urges thoughtful, modest simplicity, slow and cautious change. It's about what you don't do.

So, in our second lesson we analyse the word "security" itself. Security is both a reality and a feeling. There are perhaps masculine and feminine flavours of security, one following a military metaphor of perimeters, penetration and targets, the other, as Eve Ensler [Ensler06] and Brené Brown [Brown12] allude, an inner security that includes the right to be insecure and be free from patrician security impositions "for your own good". Finally, there is the uncomfortable truth that security is often a zero-sum affair - your security means my insecurity. While "good" security is a tide that raises all ships, some people misuse security as a euphemism for wielding power.

None of these social and psychological realities fit well into the lacklustre, two dimensional models of textbook computer security. Fortunately a mature discipline of Security Engineering which does not dodge social and political factors has emerged in the UK. Ross Anderson [Anderson08] is part of a team leading such work at the Cambridge Cybercrime Centre. One take-away from lesson two is that the word "security" may not be used as a bare, abstract noun. One must ask; security for who? Security from who or what? Security to what end?

Once we begin to examine the deeper issues around device ownership, implied (but infirm) trust models, forced updates, security theatre, and conflicting cyber-laws, we see that in every important respect tech is anarchy. It's a de facto "might is right" free-for-all where much of what passes for "security" for our smartphones, online banking and personal information is "ignorant bullshit" (in the strict academic sense of bullshit according to Harry Frankfurt; that vendors and politicians don't know that they do not know what they are talking about - and care even less [Frankfurt05]).

Consequently, much of what we teach; the canonical script of "recon, fingerprinting, vulnerability analysis, vector and payload, clean-up, pivoting, escalation, keeping root…", and the corresponding canon of blue team defence (backup, intrusion detection, defence in depth, etc…) - has no context or connection to a bigger picture. It is ephemeral pop that will evaporate as technology changes leaving students with no deeper understanding of what we are trying to do by testing, protecting and repairing systems and data, or why that even matters.

We create more guards for the castles of tech-feudalism - obedient, unthinking security guards employed to carry out the whims of the management class. Leveraged by the unspoken carrot of preferential technical privilege and enforced by the stick of threatened removal of their "security status", they become administrators of new forms of political force. Challenges to grey-area behaviours beyond the legal remit of managers, are proclaimed "security breaches" unless pursued through intractable administrative routes or through appeals that can be deflected with allusions to "policy" or the abstract "security" of unseen authorities. Some of our smartest people are ultimately paid well to shut up and never to think for themselves.

There is a very serious concern that our "Ethical Hacking" courses (which contain no study of ethics whatsoever) are just creating fresh cyber-criminals. Despite the narrative that "we are desperately short of cybersecurity graduates and there are great jobs for everyone", the reality is that students graduate into an extremely competitive environment where recruitment is often hostile and arbitrary. It doesn't take them long to figure that their newfound skills are valuable elsewhere.

Years ago, it became clear to me that we must switch to a model of "Civic Cyber Security". I became interested in the work of Bruce Schneier not as a cryptographer but as an advocate of Technology In The Public Interest. National security is nothing more than the sum-total of individual earned and learned security. That means teaching children as young as five foundational attitudes that would horrify industry.

There is no room to lie back and hope Apple or Google can protect us. Organisations like the UK's National Cyber Security Centre, or US National Security Agency, which have conflicted remits, might wish to be seen as benevolent guardians. Their output has been likened by comedian Stuart Lee to "Mr Fox's guide to hen-house security". Cybersecurity can never be magically granted by those who have a deep and lasting interest in withholding it.

The business of "personal computing" has become ugly. Cybersecurity, in as much as it exists, is a conflicted and unreliable story we tell ourselves about power and tribal allegiances. We can't put on a "good guys" hat and beat "cyber-criminals" so long as we are competing with them for the same thing, exploitable clueless users.

The only questions are whether they are to be sucked dry by ransomware, "legitimate" advertising, or manipulated for political ends. If we are to engage in sincere, truthful education, then we have to call-out Big-Tech for what it is; more a part of the problem than a solution. Those of us who want to explore and teach must still circumvent, improvise and overcome within institutions that pay only lip service to authentic cybersecurity because they are captured by giant corporations.

Bibliography

  • [Graeber18] David Graeber, Bullshit Jobs: A Theory, Simon and Schuster (2018).
  • [Lanier11] Jaron Lanier, You Are Not a Gadget, Vintage (2011).
  • [postman93] Neil Postman, Technopoly: The Surrender of Culture to Technology, Vintage Books. N.Y. (1993).
  • [Ensler06] Eve Ensler, Insecure at Last, Villard (2006).
  • [Brown12] Brené Brown, The Power of Vulnerability: Teachings on Authenticity, Connection and Courage, Sounds True (2012).
  • [Anderson08] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley (2008).
  • [Frankfurt05] Harry Frankfurt, On Bullshit, Princeton University Press (2005).

Footnotes:

1 A term made up to attract young students to cybersecurity while assuring parents and politicians.
About the author Dr. Andy Farnell is a computer scientist, author and visiting professor in signals, systems and cybersecurity at a range of European universities. His recent book "Digital Vegan" uses a dietary metaphor to examine technology dependency and over-consumption.

today's leftovers

  • Linux Weekly Roundup #158

    Welcome to this week's Linux Roundup. It was a full week of Linux releases with Endless OS 4.0.0 and Deepin 20.3. We hope that you had a good week and may there be a great one ahead!

  • Putting the Open back into Open Source

    Agility has never been more important than it is in today’s disrupted digital world. Leaders in every industry are trying to find a balance between the stability that allows them to plan for the future, while creating highly agile organisations that can quickly respond to new challenges and opportunities. This agility only comes from the ability to innovate at speed, which is why open source communities are as vital as ever. According to SUSE’s recently commissioned Insight Avenue report, Why Today’s IT Leaders are Choosing Open, 84% now see open source as a way to cost-effectively drive this innovation.

  • How To Install Snap on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install Snap on Ubuntu 20.04 LTS. For those of you who didn’t know, Snap also known as Snappy is an alternative package management tool and program package format developed by Canonical, the company behind Ubuntu Linux. All the snaps are usually stored in a central repository called Snap Store from where snaps can be downloaded and installed using the snap command. Snaps work across a range of Linux distributions, which makes them a distro-agnostic upstream software deployment solution. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Snap Package Manager on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • The European Commission To Force Apple To Allow App Sideloading (NASDAQ:AAPL) | Seeking Alpha [Ed: It is NOT called SIDELOADING… it’s called INSTALLING!]

    Investors are ignoring significant regulatory developments for Apple while distracted by Apple Car speculation.

  • Unboxing Busybox: Claroty and JFrog uncovers 14 vulnerabilities

    Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others. You’re also likely to find many OT and IoT devices running BusyBox, including popular programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs)—many of which now run on Linux. As part of our commitment to improving open-source software security, Claroty’s Team82 and JFrog collaborated on a vulnerability research project examining BusyBox. Using static and dynamic techniques, Claroty’s Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. In most cases, the expected impact of these issues is denial of service (DoS). However, in rarer cases, these issues can also lead to information leaks and possibly remote code execution.

  • Perl Weekly Challenge 140: Multiplication Tables
  • Leaky Rakudo

    Yesterday the discord-bridge-bot refused to perform its 2nd job: EVAL All The Things! The EVALing is done via shell-out and requires a fair bit of RAM (Rakudo is equally slim than Santa). After about 3 weeks the fairly simple bot had grown from about half a GB to one and a half – while mostly waiting for the intertubes to deliver small pieces of text. I complained on IRC and was advised to take heap snapshots. Since I didn’t know how to make heaps of snapshots, I had to take timo’s directions towards use Telemetry. As snap(:heap) wasn’t willing to surrender the filename of the snapshot (I want to compress the file, it is going to get big over time) I had a look at the source. I also requested a change to Rakudo so I don’t have to hunt down the filename, which was fulfilled by lizmat 22 minutes later. Since you may not have a very recent Rakudo, the following snippet might be useful.

  • Nemiver debugger now in devx SFS

    Mike (mikewalsh) responded with a great link that lists lots of Linux debugger/trace tools. The EasyOS devx SFS already has the 'gdb' CLI utility, and I saw on that link, there are 'ddd' and 'nemiver' GUI frontends for gdb. I went for nemiver and compiled it. The project seems to be almost dead, but then, if it works, perhaps no need for more commits to the git repository. I chose version 0.8.2, not the latest, but it suited me to stay with a gtk+2 based app rather than gtk+3. Two dependencies, 'gtkmm' and 'libgtop', are compiled in OpenEmbedded. I compiled 'libgtksourceviewmm' and 'nemiver' in a running EasyOS and made them into PETs.

Kernel and Graphics: Linux Stuff and GPUs

  • Facebook/Meta Tackling Transparent Page Placement For Tiered-Memory Linux Systems - Phoronix

    Back during the Linux 5.15 cycle Intel contributed an improvement for tiered memory systems where less used memory pages could be demoted to slower tiers of memory storage. But once demoted that kernel infrastructure didn't have a means of promoting those demoted pages back to the faster memory tiers should they become hot again, though now Facebook/Meta engineers have been working on such functionality. Prior to the Linux 5.15 kernel, the behavior during the memory reclaim process when the system RAM was under memory pressure was to simply toss out cold pages. However, with Linux 5.15 came the ability to shift those cold pages to any slower memory tiers. In particular, modern and forthcoming servers with Optane DC persistent memory or CXL-enabled memory, etc. Therefore the pages are still accessible if needed but not occupying precious system DRAM if they aren't being used and to avoid just flushing them out or swapping to disk.

  • Linux 5.17 To Boast Latency Optimization For AF_UNIX Sockets - Phoronix

    Net-next has been queuing a number of enticing performance optimizations ahead of the Linux 5.17 merge window kicking off around the start of the new year. Covered already was a big TCP optimization and a big improvement for csum_partial() that is used in the network code for checksum computation. The latest optimization is improving the AF_UNIX code path for those using AF_UNIX sockets for local inter-process communication. A new patch series was queued up on Friday in net-next for improving the AF_UNIX code. That patch series by Kuniyuki Iwashima of Amazon Japan is ultimately about replacing AF_UNIX sockets' single big lock with per-hash locks. The series replaces the AF_UNIX big lock and also as part of the series has a speed-up to the autobind behavior.

  • Nvidia Pascal GPU, DX12 and VKD3D: Slideshow time! - Boiling Steam

    So Horizon Zero Dawn had a sale recently on Fanatical, and I thought… OK I’ll grab it! It’s time. I first installed it on my workstation that only has a GTX1060 3GB GPU – not a workhorse but a decent card nonetheless for low-to-medium end gaming. I knew very well that Horizon Zero Dawn is a DX12 game and that Pascal architecture (Nvidia 10xx basically) and earlier versions do not play very well with DX12 games running through vkd3d-proton, the DX12 to Vulkan translation layer. Still, I could imagine getting somewhere around 30 FPS on low-to-medium settings, and use FSR if necessary to get to better framerates. Nothing prepared me for the performance I was about to experience.

Linux 5.16-rc3

So rc3 is usually a bit larger than rc2 just because people had some
time to start finding things.

So too this time, although it's not like this is a particularly big
rc3. Possibly partly due to the past week having been Thanksgiving
week here in the US. But the size is well within the normal range, so
if that's a factor, it's not been a big one.

The diff for rc3 is mostly drivers, although part of that is just
because of the removal of a left-over MIPS Netlogic driver which makes
the stats look a bit wonky, and is over a third of the whole diff just
in itself.

If you ignore that part, the statistics look a bit more normal, but
drivers still dominate (network drivers, sound and gpu are the big
ones, but there is noise all over). Other than that there's once again
a fair amount of selftest (mostly networking), along with core
networking, some arch updates - the bulk of it from a single arm64
uaccess patch, although that's mostly because it's all pretty small -
and random other changes.

Full shortlog below.

Please test,

             Linus
Also: Linux 5.16-rc3 Released With Alder Lake ITMT Fix, Other Driver Fixes - Phoronix