Language Selection

English French German Italian Portuguese Spanish

Server

SQLite 3.33 Released With PostgreSQL-Inspired UPDATE FROM, Database Files Up To 281 TB

Filed under
Server
OSS

SQLite 3.33 is out as the latest update to this widely-used, embed-friendly database library used by countless applications and other software.

With SQLite 3.33 the maximum size of database files has been increased to now allow up to 281 TB files.

Another significant addition with SQLite 3.33 is support for the UPDATE FROM syntax, based on the PostgreSQL implementation. UPDATE FROM is for performing an UPDATE statement using data driven by other tables. More details on SQLite's UPDATE FROM implementation via the documentation.

Read more

Also: PopSQL Editor Software Review: Write queries, visualize data, and share results

Server: OpenStack Charms 20.08, Kubernetes Hierarchical Namespaces and Mirantis Takes Lens Kubernetes IDE

Filed under
Server

  • OpenStack Charms 20.08 – TrilioVault, Arista and more

    One of the biggest enhancements brought by the OpenStack Charms 20.08 release is an addition of TrilioVault for OpenStack. TrilioVault is a backup and recovery solution that natively integrates with OpenStack, providing data protection capabilities for workloads running in the cloud. It integrates with the OpenStack dashboard to provide tenant-level control and visibility for backup administrators in a single view.

    TrilioVault for OpenStack is available in the form of four charms: trilio-data-mover, trilio-dm-api, trilio-horizon-plugin and trilio-wlm that can be seamlessly plugged into the Charmed OpenStack deployment. Refer to the OpenStack Charms documentation for exact integration steps. All charms are released as stable and will be supported under the Ubuntu Advantage for Infrastructure (UA-I) subscription. Canonical and Trilio have partnered to ensure that the joint solution is fully tested and validated.

  •        

  • Introducing Hierarchical Namespaces

    Safely hosting large numbers of users on a single Kubernetes cluster has always been a troublesome task. One key reason for this is that different organizations use Kubernetes in different ways, and so no one tenancy model is likely to suit everyone. Instead, Kubernetes offers you building blocks to create your own tenancy solution, such as Role Based Access Control (RBAC) and NetworkPolicies; the better these building blocks, the easier it is to safely build a multitenant cluster.

  • Mirantis acquires popular Kubernetes IDE Lens

    Kubernetes, the container orchestration program of choice for most companies is many things, but one thing it's not is "easy." It's famous for being complex and a real pain-in-the-rump to work with, which is one reason why Mirantis, a Kubernetes, has acquired the popular open-source Lens Kubernetes integrated development environment (IDE) project. This comes after Mirantis acquired the Kotena team behind it in February.

    [...]

    Why? Mirantis states it's because: "Lens eliminates the Kubernetes complexity that has hindered mainstream developer adoption since its inception. The tool unlocks situational awareness and enables users to easily manage, develop, debug, monitor, and troubleshoot their workloads across multiple clusters in real-time."

Intel mOS: Linux variant intended for for high-performance computing

Filed under
GNU
Linux
Server

Intel mOS aims to provide a high-performance environment for software, the operating system is based on the Linux kernel, modified by Intel to make it suitable for the HPC ecosystem.

The media said that mOS is still in the early stages of research, but could already be used for supercomputers like ASCI Red, IBM Blue Gene, and so on. Intel’s goal is to develop a stable version of the Aurora supercomputer when it is ready.

The Intel mOS system will continue to be based on Linux extensions, the latest version 0.8 uses the Linux 5.4 LTS kernel, but it has its own LWK lightweight kernel, the Linux kernel manages a small number of CPU cores to ensure compatibility, and the LWK kernel manages the rest of the system, similar to the Mutil-OS multi-OS.

Read more

Servers: Hosting, Supermicro and Containers

Filed under
Server
  • Linux vs. Windows hosting: What is the core difference?

    If you are having a budget constraint, Linux hosting is always a better option. But if you want to run certain complex applications on your website or web hosting that is specific to Windows, Windows hosting is the solution for you.

    If you are looking for a bulk of free and open-source applications and content management systems such as WordPress to run, it is better that you select Linux hosting.

  • Supermicro Launches SuperServer SYS-E100-9W-H Fanless Whiskey Lake Embedded Mini PC

    US-based Supermicro is known for its server products, but the company’s latest SuperServer SYS-E100-9W-H fanless embedded mini PC targets other applications, specifically industrial automation, retail kiosks, smart medical devices, and digital signage.

    The mini PC is equipped with an Intel Core i7-8665UE Whiskey Lake Embedded processor coupled with up to 64GB DDR4 memory, and offers plenty of connectivity options with dual Gigabit Ethernet, eight USB ports, four serial ports, and dual video output with HDMI and DisplayPort.

    [...]

    Supermicro only certified the mini PC with Windows 10, but looking at the OS compatibility matrix for X11SWN-H SBC used inside the mini PC, 64-bit Linux OS like Ubuntu 18.04/20.04, RedHat Enterprise Linux, and SuSE Linux should also be supported. The company also provides SuperDoctor 5 command-line or web-based interface for Windows and Linux operating systems to monitor the system and gets alerts via email or SNMP.

  • OpenDev 2020: Containers in Production – Day 1

Everything You Need to Know About Linux Ubuntu Server

Filed under
Linux
Server
Ubuntu

As you should probably know, Linux powers the majority of the web we see today. This is mainly because Linux systems are inherently more secure and stable than other systems. There are several types of Linux distributions for powering servers. Some notable ones include Ubuntu, Red Hat, Debian, and CentOS. Ubuntu, in particular, has been enjoying a surge in popularity as a server distro in recent times. In this guide, our editors have outlined why the Linux Ubuntu server is outgrowing many of its competitions. Stay with us throughout this guide to learn why Ubuntu shines as a server distro.

Read more

Why I use Ingress Controllers to expose Kubernetes services

Filed under
Server

The meteoric rise of containerization and microservices has been necessary to meet the growing demand for applications, but getting it right means overcoming some critical network orchestration challenges. Out of the complexities that developers of cloud-native applications face, strategically utilizing Kubernetes ingress controllers is among the most difficult components to understand—and among the most important.

Before diving into ingress controllers, you need to understand why networking is so important to developer workflows.

It is common for development teams to create backend API services to enable connectivity for external applications and users. In early development phases, teams often use implementations of container environments on local development machines, which more simply rely on direct container invocations through Docker Compose or similar local orchestrators for access.

However, when the time comes to shift to a shared development or staging environment and match the configuration that will be used in production, these direct-access stopgaps are no longer sufficient. The access patterns often assume trusted access, which can't be assumed in production, or they rely on static values that are likely to change in a cloud infrastructure.

Read more

Journey of a Linux DevOps engineer

Filed under
GNU
Linux
Red Hat
Server

After navigating the streets of Manhattan and finding a parking spot, we walked down the block to what turned out to be a large bookstore. You've seen bookstores like this on TV and in the movies. It looks small from the outside, but once you walk in, the store is endless. Walls of books, sliding ladders, tables with books piled high—it was pretty incredible, especially for someone like me who also loves reading.

But in this particular store, there was something curious going on. One of the tables was surrounded by adults, awed and whispering among each other. Unsure of what was going on, we approached. After pushing through the crowd, I saw something that drew me in immediately. On the table, surrounded by books, was a small grey box—the Apple Macintosh. It was on, but no one dared approach it—no one, that is, except me. I was drawn like a magnet, immediately grokking that the small puck-like device moved the pointer on the screen. Adults gasped and murmured, but I ignored them all and delved into the unknown. The year was, I believe, 1984.

Somewhere around the same time, though likely a couple of years before, my father brought home a TI-99/4A computer. From what I remember, the TI had just been released, so this had to be somewhere around 1982. This machine served as the catalyst for my love of computer technology and was one of the first machines I ever cut code on.

My father tells a story about when I first started programming. He had been working on an inventory database, written from scratch, that he had built for his job. I would spend hours looking over his shoulder, absorbing everything I saw. One time, he finished coding, saved the code, and started typing the command to run his code ("RUN"). According to him, I stopped him with a comment that his code was going to fail. Ignoring me, as I was only five or six at the time, he ran the code, and, as I had predicted, it failed. He looked at me with awe, and I merely looked back and replied, "GOSUB but no RETURN."

Read more

Also: Authorizing multi-language microservices with Louketo Proxy

Sysadmin Appreciation Day and More Homage to Sysadmins

Filed under
GNU
Linux
Server

  • Celebrate Sysadmin Appreciation Day today

    Happy Sysadmin Appreciation Day, and thank you for all you do. When email is flowing, databases just work as they should, and the network is screaming (in a good way), you can focus on more challenging things, like how to automate tasks to make your sysadmin life easier.

    But when things break, and we know they will, it's all hands on deck to fix the problem and find the root cause, so it doesn't happen again. Sometimes, you'll find that elusive answer, and sometimes you put your hands up and move on to the next fire.

    Here at Enable Sysadmin, we're building a great community of authors who want to share their stories, their expertise, and learn from each other. In May 2020, we officially launched our Sudoers program to recognize our core contributors, and we invite you to check it out and join us.

  • Celebrate Sys Admin Appreciation Day with Special Free Issue from ADMIN Magazine

    System Administrator Appreciation Day is a special day dedicated to system administrators around the world. This year, FOSSlife and ADMIN Network & Security are partnering to provide another installment of the ADMIN "Terrific Tools" series, dedicated to the tireless professionals who keep our networks alive and well.

    Celebrate System Administrator Appreciation Day with this collection of articles on free tools for IT professionals. This special digital issue includes useful utilities that will help you search out rootkits, monitor network traffic, generate easy-to-use passwords, and much more. Bonus articles explore hidden command-line tools and describe how to find resource bottlenecks with eBPF.

  • July 31, 2020: Celebrate “System Administrator Appreciation Day” Today

    Ted Kekatos, a System Administrator by profession got inspired by an Advertisement in Hewlett-Packard Magazine where an Administrator is greeted in the form of flowers and fruit-baskets by thankful co-workers for their new printer installed.

    Kekatos idea was further recognized and promoted by lots of IT organizations and professional including the ‘League of Professional System Administrator‘, SAGE/USENIX, etc.

    The first System Administrator Appreciation Day was celebrated on July 28, 2000. And since then celebrating System Administrator Appreciation Day every year gets a worldly recognition and today we reached the figure 21st.

  • What sysadmins wish their co-workers knew about their jobs

    You have a problem, and reach out to the help desk or your friendly neighborhood admin. It's a quick fix, you're sure, but ugh they want you to file a ticket! What a pain, right? It might sound like they're giving you the cold shoulder but that's (usually) not the case. Admins want users to file tickets for a number of reasons.

    First of all, it helps them manage their time. It's hard to focus on longer projects when you are pelted with "this will just take five minutes" requests all day. Also, other people have been waiting for their ticket to be handled.

    Secondly, admins may need to account for their work and demonstrate that they are -- in fact -- busy and not just playing Doom Eternal all afternoon.

    Also, it helps keep track of problems that crop up frequently and assists with institutional memory. A well-kept ticketing system with a good search tool can help admins identify long-term problems that need fixing, and reduce the time to fix problems in the future by documenting how they were fixed today.

  • The sysadmin's journey: A series of unexpected events

    As part of the 21st annual System Administrator Appreciation Day celebration, I want to share these four pillars to help you improve your skills, just as they did with me.

Linux runs on 500 of the top 500 supercomputers

Filed under
GNU
Linux
Server

One of the primary testaments to the success of Linux is its amazing dominance in the area of supercomputing. Today, all 500 of the world’s top 500 supercomputers are running Linux. In fact, this has been the case since Nov 2017. I know this because the TOP500 organization has been tracking the 500 most powerful commercially available computer systems since 1993 and their data documenting Linux’ takeover of supercomputing since 1998 is nothing short of inspiring. A graph of Linux' ascension is available on this TOP500 page.

Read more

New Security Patches and New UEFI 'Secure' Boot Catastrophe

Filed under
Server
Security
  • Security updates for Thursday

    Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

  • Grub2 updates for Red Hat systems are making some unbootable

    As reported in the comments on the Grub2 secure-boot vulnerabilities report, the updates for grub2 for RHEL 8 and CentOS 8 are making some systems unbootable. The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.

  • Servers at risk from “BootHole” bug – what you need to know

    That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune).

    This month’s bug with an impressive name (see what we did there?) is called BootHole, and its logo rather cheekily shows a boot with a worm sticking out of a hole in the toecap.

    The bad news is that this bug affects the integrity of bootup process itself, meaning that it provides a way for attackers to insert code that will run next time you restart your device, but during the insecure period after you turn on the power but before the operating system starts up.

    The good news for most of us is that it relies on a bug in a bootloader program known as GRUB, short for Grand Unified Boot Loader, which is rarely found on Windows or Mac computers.

  • Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers

    To understand why this flaw does not affect Purism computers, it helps to understand why UEFI Secure Boot exists to begin with, and how it and the security exploit works. Attacks on the boot process are particularly nasty as they occur before the system’s kernel gets loaded. Attackers who have this ability can then compromise the kernel before it runs, allowing their attack to persist through reboots while also hiding from detection. UEFI Secure Boot is a technology that aims to protect against these kinds of attacks by signing boot loaders like GRUB2 with private keys controlled ultimately by Microsoft. UEFI Firmware on the computer contains the public certificate counterparts for those private keys. At boot time UEFI Secure Boot checks the signatures of the current GRUB2 executable and if they don’t match, it won’t allow the executable to run.

    If you’d like to understand the GRUB2 vulnerability in more detail, security journalist Dan Goodin has a great write-up at Ars Technica. In summary, an attacker can trigger a buffer overflow in GRUB2 as it parses the grub.cfg configuration file (this file contains settings for the GRUB2 menu including which kernels to load and what kernel options to use). This buffer overflow allows the attacker to modify GRUB2 code in memory and execute malicious code of their choice, bypassing the protection UEFI Secure Boot normally would have to prevent such an attack.

    Unfortunately, UEFI Secure Boot doesn’t extend its signature checks into configuration files like grub.cfg. This means you can change grub.cfg without triggering Secure Boot and the attack exploited that limitation to modify grub.cfg in a way that would then exploit the running GRUB2 binary after it had passed the signature check.

    Further complicating the response to this vulnerability is the fact that it’s not enough to patch GRUB2. Because the vulnerable GRUB2 binaries have already been signed by Microsoft’s certificate, an attacker could simply replace a patched GRUB2 with the previous, vulnerable version. Patching against this vulnerability means updating your UEFI firmware (typically using reflashing tools and firmware provided by your vendor) so that it can add the vulnerable GRUB2 binary signatures to its overall list of revoked signatures.

Syndicate content

More in Tux Machines

Septor 2020.5

Tor Browser is fully installed (10.0.2) System upgrade from Debian Buster repos as of October 21, 2020 Update Linux Kernel to 5.9.0-1 Update Thunderbird to 78.3.1-2 Update Tor to 0.4.4.5 Update Youtube-dl to 2020.09.20 Read more

Incremental backup with Butterfly Backup

This article explains how to make incremental or differential backups, with a catalog available to restore (or export) at the point you want, with Butterfly Backup. Read more

Regressions in GNU/Linux Evolution

  • When "progress" is backwards

    Lately I see many developments in the linux FOSS world that sell themselves as progress, but are actually hugely annoying and counter-productive. Counter-productive to a point where they actually cause major regressions, costs, and as in the case of GTK+3 ruin user experience and the possibility that we'll ever enjoy "The year of the Linux desktop". [...] We live in an era where in the FOSS world one constantly has to relearn things, switch to new, supposedly "better", but more bloated solutions, and is generally left with the impression that someone is pulling the rug from below one's feet. Many of the key changes in this area have been rammed through by a small set of decision makers, often closely related to Red Hat/Gnome/freedesktop.org. We're buying this "progress" at a high cost, and one can't avoid asking oneself whether there's more to the story than meets the eye. Never forget, Red Hat and Microsoft (TM) are partners and might even have the same shareholders.

  • When "progress" is backwards

Graphics: Vulkan, Intel and AMD

  • NVIDIA Ships Vulkan Driver Beta With Fragment Shading Rate Control - Phoronix

    This week's Vulkan 1.2.158 spec release brought the fragment shading rate extension to control the rate at which fragments are shaded on a per-draw, per-primitive, or per-region basis. This can be useful similar to OpenGL and Direct3D support for helping to allow different, less important areas of the screen be shaded less than areas requiring greater detail/focus. NVIDIA on Tuesday released the 455.26.02 Linux driver (and 457.00 version for Windows) that adds this fragment shading rate extension.

  • Intel Begins Adding Alder Lake Graphics Support To Their Linux Driver - Phoronix

    Intel has begun adding support for Alderlake-S to their open-source Linux kernel graphics driver. An initial set of 18 patches amounting to just around 300 lines of new kernel code was sent out today for beginning the hardware enablement work on Alderlake-S from the graphics side. Yes, it's only a few hundred lines of new driver code due to Alder Lake leveraging the existing Gen12/Tigerlake support. The Alder Lake driver patches similarly re-use some of the same workarounds and changes as set for the 14nm Rocket Lake processors with Gen12 graphics coming out in Q1.

  • AMD Linux Driver Preparing For A Navi "Blockchain" Graphics Card - Phoronix

    While all eyes are on the AMD Radeon RX 6000 "Big Navi" graphics cards set to be announced next week, it also looks like AMD is preparing for a Navi 1x "Blockchain" graphics card offering given the latest work in their open-source Linux driver. Patches posted today provide support for a new Navi graphics card referred to as the "navi10 blockchain SKU." The Navi 10 part has a device ID of 0x731E. From the AMDGPU Linux kernel driver perspective, the only difference from the existing Navi 10 GPU support is these patches disable the Display Core Next (DCN) and Video Core Next (VCN) support with this new SKU not having any display support.