July 2020

Audiocasts/Shows: Linux Headlines, Free As In Freedom, Ubuntu Podcast from the UK LoCo

Filed under: GNU, Linux

  • 2020-07-31 | Linux Headlines

    Mitigating the BootHole vulnerability is proving difficult for several major Linux distributions, KDE’s Ark tool issues a security advisory, Cloudflare reduces perceived delays in worker process startup time, and Tor brings back its Bug Smash Fund for a second year.

  • Free As In Freedom Friday - LIVE

    Just another random GNU/Linux-y live stream. I will converse with the YouTube chat so feel free to post freedom-respecting questions and comments.

  • Ubuntu Podcast from the UK LoCo: S13E19 – Three manholes

    This week we’ve been going retro; making an Ubuntu Retro Remix and playing ET:Legacy. We discuss the new release of digiKam, Intel GPU driver tweaks, Ubuntu Web Remix, Thunderbird 78 and Mir 2.0! We also round up our picks from the tech news.

  • Kubernetes from cloud to edge: a workshop for the US

Security and Some FUD/Alarmist Slant

Filed under: Security

  • Reproducible Builds (diffoscope): diffoscope 154 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 154. This version includes the following changes:

    [ Chris Lamb ]

    * Add support for F2FS filesystems.
      (Closes: reproducible-builds/diffoscope#207)
    * Allow "--profile" as a synonym for "--profile=-".
    * Add an add_comment helper method so don't mess with our _comments list
      directly.
    * Add missing bullet point in a previous changelog entry.
    * Use "human-readable" over unhyphenated version.
    * Add a bit more debugging around launching guestfs.
    * Profile the launch of guestfs filesystems.
    * Correct adding a comment when we cannot extract a filesystem due to missing
      guestfs module.
    
  • BootHole fixes causing boot problems across multiple Linux distros

  • Red Hat Security Update Renders Systems Unbootable

    Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.

  • Red Hat and CentOS systems aren’t booting due to BootHole patches

    Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker—a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.

  • Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

    CVE-2020-10713, named “BootHole” by the researchers who discovered it, can be used to install persistent and stealthy bootkits or malicious bootloaders that will operate even when the Secure Boot protection mechanism is enabled and functioning.

    “The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected,” the researchers explained.

    “In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.”

    The researchers have done a good job explaining in detail the why, where and how of the vulnerability, and so did Kelly Shortridge, the VP of Product Management and Product Strategy at Capsule8. The problem effectively lies in the fact that a GRUB2 configuration file can be modified by attackers to make sure that their own malicious code runs before the OS is loaded.

  • Security updates for Friday

    Security updates have been issued by Debian (grub2 and mercurial), Fedora (chromium, firefox, and freerdp), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox, grub2, and kernel), and SUSE (ghostscript and targetcli-fb). 

  • Linux warning: TrickBot malware is now infecting your systems [Ed: "Linux warning" is alarmism because it does not do anything on its own, it's just exploiting already-compromised servers, e.g. weak password and misconfiguration]
  • Beware! TrickBot Malware Is Now Infecting Linux Devices

Kernel: Coming up in Linux 5.8 and Stuff to be Merged Into Linux 5.9.

Filed under: Linux

  • Eight Great Features Of Linux 5.8

    If all goes well the Linux 5.8 kernel will be released as stable this weekend. Linus Torvalds last weekend expressed some uncertainty whether an extra release candidate would be required, but so far this week the kernel Git activity is light, thus for the moment at least it is looking like 5.8 will be christened on Sunday.

    In any case, Linux 5.8 stable should be out either this Sunday or the following weekend on 9 August. After the 5.8 merge window in June we wrote the Linux 5.8 feature overview, but if you forgot about those changes, here is a shorter list looking at eight of the most prominent new features of this kernel...

  • Intel PMT Framework + Tiger Lake Telemetry Support Updated For Linux

    Back in May I wrote about Intel working on Platform Monitoring Technology or hardware telemetry capabilities that are coming with Tiger Lake. The Linux support continues to be worked on for this "PMT" functionality although it looks like the work won't be ready in time for the imminent Linux 5.9 kernel merge window.

  • "Speakup" Promoted Out Of Staging For Linux 5.9

    The Speakup screen reader that is built into the kernel and allows for speaking all text printed to the text console from boot-up to shutdown for assisting blind individuals is now being promoted out of staging with Linux 5.9. 

    Speakup has been around for more than a decade so blind users can interact with the video console / VT. There are a number of speech synthesizers supported and it has been organized via Linux-Speakup.org as "basically a bunch of blind people who like messing around with Linux and writing cool and, hopefully useful, software."

Graphics: Alpha of Wayland's Weston 9.0, Emulating Input Devices In Wayland, Raspberry Pi 4 "V3DV" Vulkan Driver and X.Org/X11 Security

Filed under: Graphics/Benchmarks

  • weston 8.0.91
    This is the alpha release for Weston 9.0.0. This release cycle has been
    pretty quiet, with just a few new features:

    - A new kiosk shell allows to display regular desktop apps in an
      always-fullscreen mode
    - Improved testing infrastructure: the test harness has been
      redesigned, DRM tests are now supported, DRM and OpenGL tests are now
      enabled in our CI
    - DRM panel orientation property support

    As always, a number of bug fixes are included as well.

    Thanks to all contributors!

    Full commit history below.

  • Wayland's Weston 9.0 Reaches Alpha

    Weston 9.0 release preparations are getting underway. At least compared to the original Weston 9.0 release plans, this Wayland compositor is running about a month behind those plans but in any case the release is now making its way to reality. 

    On Thursday shortly after the Weston kiosk/full-screen shell was merged, Weston 9.0 Alpha was tagged in getting the release process moving forward. Simon Ser is again serving as release manager.

  • RFC: libei - emulated input in Wayland compositors
    I've been working on a new approach for allowing emulated input devices in
    Wayland. Or in short - how can we make xdotool and synergy work? And
    eventually replace them.

    The proposal I have is a library for Emulated Input, in short libei.
      https://gitlab.freedesktop.org/whot/libei/

    libei has two parts, the client side (libei) for applications and
    a server side (libeis) for the compositor. The two libraries communicate
    with each other (how? doesn't matter, it's an implementation detail) to
    negotiate input devices.

    The process is roughly:
    - the libei client connects and says "I am org.freedesktop.SomeApplication
      and I want a pointer and a keyboard device"
    - the libeis server says "ok, you can have a pointer device and a keyboard
      device"
    - the libei client says 'move the pointer by 1/1', etc. and the server does
      just that. or not, depending on context.

    There are more details, see the README in the repo and the libei.h and
    libeis.h header files that describe the API.

    The sticking point here is: emulated input comes via a separate channel.
    The server a) knows it's emulated input, b) knows who it is coming from and
    c) has complete control over the input.

    a) is interesting because you can differ between the events internally. The
    API right now is very similar to libinput's events so integrating it into a
    compositor should be trivial.

    b) is somewhat handwavy if an application runs outside a sandbox - any
    information will be unreliable. Flatpak gives you an app-id though and
    with that we can (eventually) do things like storing the allow/deny
    decisions of the user in the portal implementation.

    c) allows you to e.g. suspend the client when convenient or just ignore
    certain sequences altogether. The two made-up examples are: suspend EI
    during a password prompt, or allow EI from the software yubikey *only*
    during a password prompt.

    Now, the next question is: how do they *start* talking to each other?
    libei provides multiple backends for the initial connection negotiation. My
    goal is to have this work with flatpak portals so an application running
    within the sandbox can be restricted accordingly. Alternatives to this could
    be public DBus interfaces, simple fd passing or (as is implemented right
    now) a named unix socket.

    The aim is that a client can simply iterate through all of the options until
    finds a connection. Once that's found, the actual code for emulating input is
    always the same so it's trivial to implement a client that works on any
    compositor that supports some backend of libeis.
    The server part only needs to care about the negotiation mechanisms it
    allows, i.e. GNOME will only have dbus/portal, sway will only have... dunno,
    fd exchange maybe?

    Next: because we have a separate channel for emulated input we can hook up
    XTEST to use libei to talk to a compositor. I have a PoC implementation for
    weston and Xwayland:
      https://gitlab.freedesktop.org/whot/weston/-/commits/wip/eis
      https://gitlab.freedesktop.org/whot/xserver/-/commits/wip/xwayland-eis
    With that xdotool can move the pointer. Note this is truly the most minimal
    code just to illustrate the point but you can fill in the blanks and do
    things like the compositor preventing XTEST or not, etc.

    This is all in very early stages with very little error checking so things
    will probably crash or disconnect unexpectedly. I've tried to document the
    API to make the intentions clear but there are still some very handwavy
    bits.

    Do let me know if you have any questions or suggestions please though.

    Cheers,
      Peter

  • LIBEI Yields New Effort For Emulating Input Devices In Wayland

    Red Hat's input expert Peter Hutterer has started writing another library to help the Linux input ecosystem: LIBEI. This new library is focused on offering emulated input device support for Wayland in order to support use-cases like xdotool for automating input events. 

    The LIBEI library is working to support emulated input use-cases on Wayland to offer functionality akin to X11's xdotool automation software or the Synergy software for sharing keyboard/mouse setups between systems. LIBEI consists of a client library for applications and then a server-side library (LIBEIS) for the Wayland compositor integration. These two libraries communicate with each other for negotiating the emulated input events.

  • Alejandro Piñeiro: v3dv status update 2020-07-31

    Pipeline cache objects allow the result of pipeline construction to be reused. Usually (and specifically on our implementation) that means caching compiled shaders. Reuse can be achieved between pipelines creation during the same application run by passing the same pipeline cache object when creating multiple pipelines. Reuse across runs of an application is achieved by retrieving pipeline cache contents in one run of an application, saving the contents, and using them to preinitialize a pipeline cache on a subsequent run.

    Note that it can happen that a pipeline cache would not improve the performance of an application once that it starts to render. This is because application developers are encouraged to create all the pipelines in advance, to avoid any hiccup during rendering. In that situation pipeline cache would help to reduce load times. In any case, that is not always avoidable. In that case the pipeline cache would allow to reduce the hiccup, as a cache hit is far faster than a shader recompilation.

    One specific detail about our implementation is that internally we keep a default pipeline cache, used if the user doesn’t provide a pipeline cache when creating a pipeline, and also to cache the custom shaders we use for internal operations. This allowed to simplify our code, discarding some custom caches that had already been implemented.

  • Raspberry Pi 4 "V3DV" Vulkan Driver Begins Tackling MSAA, Other Improvements

    This month the Raspberry Pi Foundation funded "V3DV" open-source Vulkan driver for the Raspberry Pi 4 began being able to run vkQuake. In ending out July, the developers at consulting firm Igalia who are working on this driver for the Raspberry Pi Foundation shared some of their latest driver activity. 

  • X.Org's Latest Security Woes Are Bugs In LibX11, Xserver

    The X.Org/X11 Server has been hit by many security vulnerabilities over the past decade as security researchers eye more open-source software. Some of these vulnerabilities date back to even the 80's and 90's given how X11 has built up over time. The X.Org Server security was previously characterized as being even worse than it looks while today the latest vulnerabilities have been made public. 

    CVE-2020-14344 is now public and covers multiple integer overflows and signed/unsigned comparison issues within the X Input Method implementation in the libX11 library. These issues can lead to heap corruption when handling malformed messages from an input method. 

Python Programming

Filed under: Development

  • Python 3.8.5 : PyEphem astronomy library for Python - part 001.
  • Creating multiple windows in PyQt5/PySide2

    In an earlier tutorial we've already covered how to open dialog windows. These are special windows which (by default) grab the focus of the user, and run their own event loop, effectively blocking the execution of the rest of your app.

    However, quite often you will want to open a second window in an application, without interrupting the main window -- for example, to show the output of some long-running process, or display graphs or other visualizations. Alternatively, you may want to create an application that allows you to work on multiple documents at once, in their own windows.

    It's relatively straightforward to open new windows but there are a few things to keep in mind to make sure they work well. In this tutorial we'll step through how to create a new window, and how to show and hide external windows on demand.

  • Real Python Podcast Interview

    I am on the latest Real Python podcast where I talk about my ReportLab book, wxPython, and lots more.

    The podcast episode that I take part in is called Episode 20: Building PDFs in Python with ReportLab. Check it out and feel free to ask questions in the comments.

  • Real Python Episode 20: Building PDFs in Python with ReportLab

    Have you wanted to generate advanced reports as PDFs using Python? Maybe you want to build documents with tables, images, or fillable forms. This week on the show we have Mike Driscoll to talk about his book “ReportLab - PDF Processing with Python.”

    Mike is an author of multiple books about Python, and has recently re-written his Python 101 book. He is also a member of the Real Python team and has written several articles for the site. Along with our discussion about ReportLab and PDFs, Mike talks about being a self-published author. We also talk briefly about his favorite Python GUI framework.

  • Bring your Mycroft AI voice assistant skill to life with Python

    In the first two articles of this series on Mycroft, an open source, privacy-focused digital voice assistant, I covered the background behind voice assistants and some of Mycroft's core tenets. In Part 3, I started outlining the Python code required to provide some basic functionality to a skill that adds items to OurGroceries, a grocery list app. And in Part 4, I talked about the different types of intent parsers (and when to use each) and expanded the Python code so Mycroft could provide audible feedback while working through the skill.

    In this fifth article, I will walk through the remaining sections required to build this skill. I'll talk about project dependencies, logging output for debugging purposes, working with the Mycroft web UI for setting values (such as usernames and passwords), and how to get this information into your Python code.

  • PSF GSoC students blogs: Week 5 Blog Post
  • PSF GSoC students blogs: Week 8

today's howtos

Filed under: HowTos

Sysadmin Appreciation Day and More Homage to Sysadmins

Filed under: GNU, Linux, Server

  • Celebrate Sysadmin Appreciation Day today

    Happy Sysadmin Appreciation Day, and thank you for all you do. When email is flowing, databases just work as they should, and the network is screaming (in a good way), you can focus on more challenging things, like how to automate tasks to make your sysadmin life easier.

    But when things break, and we know they will, it's all hands on deck to fix the problem and find the root cause, so it doesn't happen again. Sometimes, you'll find that elusive answer, and sometimes you put your hands up and move on to the next fire.

    Here at Enable Sysadmin, we're building a great community of authors who want to share their stories, their expertise, and learn from each other. In May 2020, we officially launched our Sudoers program to recognize our core contributors, and we invite you to check it out and join us.

  • Celebrate Sys Admin Appreciation Day with Special Free Issue from ADMIN Magazine

    System Administrator Appreciation Day is a special day dedicated to system administrators around the world. This year, FOSSlife and ADMIN Network & Security are partnering to provide another installment of the ADMIN "Terrific Tools" series, dedicated to the tireless professionals who keep our networks alive and well.

    Celebrate System Administrator Appreciation Day with this collection of articles on free tools for IT professionals. This special digital issue includes useful utilities that will help you search out rootkits, monitor network traffic, generate easy-to-use passwords, and much more. Bonus articles explore hidden command-line tools and describe how to find resource bottlenecks with eBPF.

  • July 31, 2020: Celebrate “System Administrator Appreciation Day” Today

    Ted Kekatos, a System Administrator by profession, got inspired by an Advertisement in Hewlett-Packard Magazine where an Administrator is greeted in the form of flowers and fruit-baskets by thankful co-workers for their new printer installed.

    Kekatos' idea was further recognized and promoted by lots of IT organizations and professionals including the ‘League of Professional System Administrator‘, SAGE/USENIX, etc.

    The first System Administrator Appreciation Day was celebrated on July 28, 2000. And since then celebrating System Administrator Appreciation Day every year gets a worldly recognition and today we reached the figure 21st.

  • What sysadmins wish their co-workers knew about their jobs

    You have a problem, and reach out to the help desk or your friendly neighborhood admin. It's a quick fix, you're sure, but ugh they want you to file a ticket! What a pain, right? It might sound like they're giving you the cold shoulder but that's (usually) not the case. Admins want users to file tickets for a number of reasons.

    First of all, it helps them manage their time. It's hard to focus on longer projects when you are pelted with "this will just take five minutes" requests all day. Also, other people have been waiting for their ticket to be handled.

    Secondly, admins may need to account for their work and demonstrate that they are -- in fact -- busy and not just playing Doom Eternal all afternoon.

    Also, it helps keep track of problems that crop up frequently and assists with institutional memory. A well-kept ticketing system with a good search tool can help admins identify long-term problems that need fixing, and reduce the time to fix problems in the future by documenting how they were fixed today.

  • The sysadmin's journey: A series of unexpected events

    As part of the 21st annual System Administrator Appreciation Day celebration, I want to share these four pillars to help you improve your skills, just as they did with me.

Magnus – A Simple Screen Magnifier for Ubuntu

Filed under: Software

Looking for a desktop magnifier? Besides enabling the built-in screen magnifier, there are a few third-party applications that can do the job.

Magnus is a very simple desktop magnifier written in Python 3. It shows the area around the mouse pointer in a separate window magnified two, three, four, or five times. Useful for users who need magnification, whether to help with eyesight or for accurate graphical design or detail work.

Has Ubuntu 20.04 Finally Come Far Enough to Take on Windows? It Sure Seems Like It

Filed under: GNU, Linux, Microsoft, Ubuntu

Microsoft Windows has become the default operating system on laptops and PCs. So much so that laptops now come with Windows pre-installed. Previously it used to be the case that many laptop manufacturers used to offer their products with no operating system or DOS. Since Windows 10 came into the world everything changed. You can run Windows 10 for free and get all the updates as well and without using any cracked versions. One could even argue that Microsoft went the Google route with Windows. So is Windows better now or not?

Well, it certainly seems that offering your product for free does come with a few compromises. One of the biggest ones is the compromise on privacy. Most people are just average users who buy a machine and just use it without reading the terms of service and don’t tinker around with the settings. So is it worth it to use Windows still? The answer differs from one person to another but most users will argue that Windows has a polished UI and has a ton of support and software that will run flawlessly on the OS. That aspect of the argument is true if you are a content creator or video editor but if you are a developer or just a tech nerd then it might not be the case.

More in Tux Machines

Running out of disk space? It's time to check whether Flatpak is the reason. Here's how.

Here’s how to clean up Flatpak apps to reclaim your precious disk space. Follow along.

Android Leftovers

KDE: Multi-Axes Made Easy

Today we want to introduce the last of the new features we are implementing into the 2.9 release which we have recently finalized. To demo this new feature, let’s use an example contributed by one of our users. This example is based upon the measurement data from a solar cell. The so-called “incident photon to current efficiency” (IPCE) tells us how many incoming photons are converted into free electrons in the cell. This conversion efficiency, together with the generated current and their dependency on the wavelength of the incoming light, are the usual subjects of studies and optimizations for solar cells. Consider the example where we want to plot the IPCE and the current density in the same plot and to see their behavior as a function of the wavelength. Your first idea may be to just lay out the curves for the plot like this...
