September 2019

Linux 5.4-rc1

Filed under
Linux

I didn't really extend the merge window by a day here, but I gave
myself an extra day to merge my pending queue. Thus the Monday date
for the rc1 rather than the usual Sunday afternoon.

And it wasn't all _that_ big or painful a merge window, for some
reason I just didn't get to the end of the queue until fairly late in
the second week, and continued to get a few more pull requests even
then. Part of it was just other discussions too happening, so I didn't
do _just_ merges all the time. But part of it was just that I also
spent some of Sunday away from the computer, doing some welding
instead.

Anyway, what I'm saying is that the Monday rc1 isn't really a sign of
any real trouble or more issues than usual. More just random timing.

Size-wise, 5.4 looks to shape up very regular. It's almost exactly the
same size as 5.3 was at the same stage, both in commits and in lines
added (honesty in advertising: 5.3 had more lines removed mainly due
to some isdn removal). Nothing major stands out, the most notable may
be the long-pending lockdown patches that weren't all that big, but
that now finally aren't tied to just EFI secure boot, so you can test
them out other ways too.

Also: The 5.4-rc1 kernel is out

Linux 5.4-rc1 Kernel Steps Forward With Next-Gen GPU Bits, Arm Laptop Support & exFAT

Manjaro Linux makes two bold moves

Filed under
Linux

Manjaro has had one heck of a ride lately. Recently, the Arch-based Linux distribution went from being just that (an Arch-based Linux distribution) to a full-blown company: Manjaro GmbH & Co. KG. The move was to shift the distribution from being a hobby project to something that should (and will) be taken seriously.

In fact, Philip Müller said he'd been researching "ways to secure the project in its current form and how to allow for activities which can't be undertaken as a 'hobby project.'" What this boils down to is that the Manjaro developers could now focus on the desktop Linux distribution full time, all the while getting paid for their efforts.

Raspberry Pi OS Raspbian Improves Raspberry Pi 4 Support, Adds Many Improvements

Filed under
Linux

Raspbian 2019-09-26 images are now available to download and they include the rpi-eeprom tool, which will automatically update the SPI EEPROM on the new Raspberry Pi 4 computer to the latest stable version. Furthermore, it adds overscan support for the FKMS driver, and improves Bluetooth connection with audio devices by adding the latest changes to the Bluez ALSA interface.

Furthermore, the Audio Settings tool has been modified to integrate more closely with the Volume plugin, which now lets users switch audio input devices, as well as the audio output between two HDMI devices. Support for more audio devices has been added as well in Raspbian 2019-09-26 by implementing "plug" values in the ALSA configuration file (.asoundrc).

Android Leftovers

Filed under
Android

The Xeon vs. EPYC Performance With Intel's oneAPI Embree & OSPray Render Projects

With Intel seemingly ramping up work on their open-source OSPray portable ray-tracing engine now that they have pulled it under their oneAPI umbrella as part of a forthcoming rendering tool-kit, I figured it would be the latest interesting candidate for benchmarking of AMD EPYC 7742 vs. Intel Xeon Platinum 8280 performance. In addition, the Embree ray-tracing kernels are also being benchmarked as part of this performance comparison.

Intel's oneAPI is expected to see a beta release next quarter and among the libraries making up the oneAPI Rendering Toolkit will be OSPray and Embree. The OSPRay ray-tracing engine is geared for scientific visualizations and supports a wide range of features all while being open-source under the Apache 2.0 license. OSPray also builds off Embree itself as well as the Intel SPMD Program Compiler (ISPC). The SPMD Program Compiler is for Intel's C-derived language optimized for SIMD on their modern architectures.

Security in Linux 5.4

Filed under
Linux
Security

Security Updates

Filed under
Security

  • Security updates for Monday

    Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).

  • Exim 4.92.3 security release

    Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based buffer overflow in string_vformat that could lead to remote code execution. "The currently known exploit uses an extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

  • pam-python: local root escalation (CVE-2019-16729)

    Last week the openSUSE Security Team spent some time to check and review the PAM module from the pam-python project. Main reason for that – to make sure that the source code of the project is secure enough and bug free of course. Badly implemented PAM modules may cause user authentication to always succeed or otherwise badly influence security.

Exaile Music Player Got Its First Release in 4 Years, And I Didn’t Even Notice!

Filed under
Software

It turns out that this long-forgotten music library-come-player quietly squeaked back into life in the summer with the release of Exaile 4.0.0.

Exaile, for those who don’t know about it, is a GTK-based music player that was (arguably) most popular during the “halcyon” days of omg! in 2009-2012, aka the era of apps like CoverGloobus, Docky, eMeSeNe, Songbird, et al.

But the player (like other great apps of its time) soon faded from earshot as the music player scene solidified around apps like Banshee and Clementine and music streaming services like Spotify, Pandora and Deezer.

Microsoft Loves Linux Needs More Work Argues Open Source Leader

Filed under
GNU
Microsoft

Microsoft has increasingly embraced Linux in recent years, enough for Redmond to run under the mantra, “Microsoft Loves Linux”. Of course, the reason for the sea change from hating open source to embracing it is simply good economic movement.

Despite its new-found love for Linux, one expert believes Microsoft has a long way to go to atone for past problems. Specifically, free-software leader Richard Stallman says Microsoft’s top execs previously targeted open source in the past.

Most famous of the Linux attacks was former Microsoft CEO Steve Ballmer, who described the platform as a “cancer”. Former Windows chief Jim Allchin said the open source idea was both un-American and a killer of intellectual property.

More in Tux Machines

Bringing PostgreSQL to Government

  • Crunchy Data, ORock Technologies Form Open Source Cloud Partnership for Federal Clients

    Crunchy Data and ORock Technologies have partnered to offer a database-as-a-service platform by integrating the former's open source database with the latter's managed offering designed to support deployment of containers in multicloud or hybrid computing environments. The partnership aims to implement a PostgreSQL as a service within ORock's Secure Containers as a Service, which is certified for government use under the Federal Risk and Authorization Management Program, Crunchy Data said Tuesday.

  • Crunchy Data and ORock Technologies Partnership Brings Trusted Open Source Cloud Native PostgreSQL to Federal Government

    Crunchy Data and ORock Technologies, Inc. announced a partnership to bring Crunchy PostgreSQL for Kubernetes to ORock’s FedRAMP authorized container application Platform as a Service (PaaS) solution. Through this collaboration, Crunchy Data and ORock will offer PostgreSQL-as-a-Service within ORock’s Secure Containers as a Service with Red Hat OpenShift environment. The combined offering provides a fully managed Database as a Service (DBaaS) solution that enables the deployment of containerized PostgreSQL in hybrid and multi-cloud environments. Crunchy PostgreSQL for Kubernetes has achieved Red Hat OpenShift Operator Certification and provides Red Hat OpenShift users with the ability to provision trusted open source PostgreSQL clusters, elastic workloads, high availability, disaster recovery, and enterprise authentication systems. By integrating with the Red Hat OpenShift platform within ORock’s cloud environments, Crunchy PostgreSQL for Kubernetes leverages the ability of the Red Hat OpenShift Container Platform to unite developers and IT operations on a single FedRAMP-compliant platform to build, deploy, and manage applications consistently across hybrid cloud infrastructures.

Hardware, Science and History

  • An Open Source Toolbox For Studying The Earth

    Fully understanding the planet’s complex ecosystem takes data, and lots of it. Unfortunately, the ability to collect detailed environmental data on a large scale with any sort of accuracy has traditionally been something that only the government or well-funded institutions have been capable of. Building and deploying the sensors necessary to cover large areas or remote locations simply wasn’t something the individual could realistically do. But by leveraging modular hardware and open source software, the FieldKit from [Conservify] hopes to even the scales a bit. With an array of standardized sensors and easy to use software tools for collating and visualizing collected data, the project aims to empower independent environmental monitoring systems that can scale from a handful of nodes up to several hundred.

  • The Early History of Usenet, Part II: Hardware and Economics

    There was a planning meeting for what became Usenet at Duke CS. We knew three things, and three things only: we wanted something that could be used locally for administrative messages, we wanted a networked system, and we would use uucp for intersite communication. This last decision was more or less by default: there were no other possibilities available to us or to most other sites that ran standard Unix. Furthermore, all you needed to run uucp was a single dial-up modem port. (I do not remember who had the initial idea for a networked system, but I think it was Tom Truscott and the late Jim Ellis, both grad students at Duke.) There was a problem with this last option, though: who would do the dialing? The problems were both economic and technical-economic. The latter issue was rooted in the regulatory climate of the time: hardwired modems were quite unusual, and ones that could automatically dial were all but non-existent. (The famous Hayes Smartmodem was still a few years in the future.) The official solution was a leased Bell 801 autodialer and a DEC DN11 peripheral as the interface between the computer and the Bell 801. This was a non-starter for a skunkworks project; it was hard enough to manage one-time purchases like a modem or a DN11, but getting faculty to pay monthly lease costs for the autodialer just wasn't going to happen. Fortunately, Tom and Jim had already solved that problem.

  • UNIX Version 0, Running On A PDP-7, In 2019

    With the 50th birthday of the UNIX operating system being in the news of late, there has been a bit of a spotlight shone upon its earliest origins. At the Living Computers museum in Seattle though they’ve gone well beyond a bit of historical inquiry though, because they’ve had UNIX (or should we in this context say unix instead?) version 0 running on a DEC PDP-7 minicomputer. This primordial version on the original hardware is all the more remarkable because unlike its younger siblings very few PDP-7s have survived. The machine running UNIX version 0 belongs to [Fred Yearian], a former Boeing engineer who bought his machine from the company’s surplus channel at the end of the 1970s. He restored it to working order and it sat in his basement for decades, while the vintage computing world labored under the impression that including the museum’s existing machine only four had survived — of which only one worked. [Fred’s] unexpected appearance with a potentially working fifth machine, therefore, came as something of a surprise.

Audiocasts/Shows: Linux Action News and Open Source Security Podcast

Red Hat and Containers

  • Queensland government looks to open source for single sign-on project

    Red Hat Single Sign-On, which is based on the open source Keycloak project, and the Apollo GraphQL API Gateway platform will be the two key software components underpinning a Queensland effort to deliver a single login for access to online government services. Queensland is implementing single sign-on capabilities for state government services, including ‘tell us once’ capabilities that will allow basic personal details of individuals to be, where consent is given by an individual, shared between departments and agencies.

  • Red Hat Releases Open Source Project Quay Container Registry
  • Red Hat open sources Project Quay container registry

    Yesterday, Red Hat introduced the open source Project Quay container registry, which is the upstream project representing the code that powers Red Hat Quay and Quay.io. Open-sourced as a Red Hat commitment, Project Quay “represents the culmination of years of work around the Quay container registry since 2013 by CoreOS, and now Red Hat,” the official post reads. Red Hat Quay container image registry provides storage and enables users to build, distribute, and deploy containers. It will also help users to gain more security over their image repositories with automation, authentication, and authorization systems. It is compatible with most container environments and orchestration platforms and is also available as a hosted service or on-premises.

  • Red Hat declares Quay code open

    Red Hat has open sourced the code behind Project Quay, the six year old container registry it inherited through its purchase of CoreOS. The code in question powers both Red Hat Quay and Quay.IO, and also includes the Clair open source security project which was developed by the Quay team, and integrated with the registry back in 2015. In the blog post announcing the move, Red Hat principal software engineer – and CoreOS alumnus – Joey Schorr, wrote, “We believe together the projects will benefit the cloud-native community to lower the barrier to innovation around containers, helping to make containers more secure and accessible.”

  • New Open Source Offerings Simplify Securing Kubernetes

    In advance of the upcoming KubeCon 2019 (CyberArk booth S55), the flagship event for all things Kubernetes and Cloud Native Computing Foundation, CyberArk is adding several new Kubernetes offerings to its open source portfolio to improve the security of application containers within Kubernetes clusters running enterprise workloads.

  • Java Applications Go Cloud-Native with Open-Source Quarkus Framework

    "With Quarkus, Java developers are able to continue to work in Java, the language they are proficient in, even when they are working with new, cloud-native technologies," John Clingan, senior principal product manager of middleware at Red Hat, told IT Pro Today. "With memory utilization measured in 10s of MB and startup time measured in 10s of milliseconds, Quarkus enables organizations to continue with their significant Java investments for both microservices and serverless." Many organizations have been considering alternative runtimes to Java, like Node.js and Go, due to high memory utilization of Java applications, according to Clingan. In addition, Java’s startup times are generally too slow to be an effective solution for serverless environments. As such, Clingan said that even if an organization decided to stick with Java for microservices, it would be forced to switch to an alternative runtime for serverless, or functions-as-a-service (FaaS), deployment.

  • Styra Secures $14M in Funding Led by Accel to Expand Open Source and Commercial Solutions for Kubernetes/Cloud-native Security

    New technology—like Kubernetes, Containers, ServiceMesh, and CICD Automation—speed application delivery and development. However, they lack a common framework for authorization to determine where access should be allowed, and where it should be denied. Styra’s commercial and open source solutions—purpose-built for the scale of cloud-native development—provide this authorization layer to mitigate risk across cloud application components, as well as the infrastructure they are built upon.