Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Tuesday, 20 Aug 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Typesort icon Title Author Replies Last Post
goblinxfc srlinuxx 26/04/2007 - 6:30pm
nixsys.com srlinuxx 24/09/2007 - 11:24pm
wolvixondisk srlinuxx 02/10/2007 - 10:49pm
arnybw srlinuxx 18/10/2007 - 3:39pm
webpathinlovelinux srlinuxx 07/02/2008 - 3:44pm
bluewhite srlinuxx 25/03/2008 - 10:44pm
pclos srlinuxx 15/06/2008 - 11:18pm
nixsys2 srlinuxx 18/08/2008 - 7:12am
nixsys3 srlinuxx 18/08/2008 - 7:22am
gg 480x60 srlinuxx 03/09/2008 - 11:55am

Is Fedora Linux a Good Distro? The 15 Best Reasons to Use Fedora Linux

Filed under
Red Hat

It goes without saying that Fedora Linux is one of the best Linux distributions and significantly distinct with its properties. There is no denying that it is an enticing version of Linux and there are enough reasons to be lured with the Fedora. It offers far ranges of features that have made it an undeniable choice for the users. There is a close and intimate collaboration between Fedora and “Redhat” what has given a new dimension of this Linux version. It is more comfortable to use, user-friendly and latest technology oriented; thus, there are many obvious reasons for loving in it.

[...]

The various distribution of Linux system is recognized for easy-going properties, albeit Fedora is the easiest one in this context. Having an easier interface, users are capable of dealing with it very easily since the boot phase. When the boot is done, users will be guided with simple features to run it the way they desire.

Read more

Dualboot Ubuntu 19.04 and Debian 10 on a 32GB USB Stick

Filed under
Debian
Ubuntu

Ubuntu 19.04, or Disco Dingo, and Debian 10, or Buster, are two latest versions in 2019 of two most popular GNU/Linux distros I already wrote about here and here. This tutorial explains dualboot installation procedures in simple way for Ubuntu Disco Dingo and Debian Buster computer operating systems onto a portable USB Flash Drive. There are 2 advantages of this kind of portable dualbooting; first, it's safer for your data in internal HDD and second, you can bring both OSes with you everywhere you go. You will prepare the partitions first, then install Ubuntu, and then install Debian, and finally finish up the GRUB bootloader, and enjoy. Go ahead!

Read more

Compute module offers choice of 8th or 9th Gen Coffee Lake

Filed under
Linux

Aaeon’s “COM-CFHB6” COM Express Basic Type 6 module is available with 8th or 9th Gen H-series Core and Xeon CPUs and offers up to 48GB DDR4 with ECC plus support for 12x USB ports and 24 PCIe 3.0 lanes.

Aaeon has announced a COM Express Basic Type 6 module that supports Intel’s 8th Gen Coffee Lake and 9th Gen Coffee Lake Refresh H-series chips. We’ve seen similar combinations on Congatec’s refreshed Conga-TS370 and Kontron’s similarly updated COMe-bCL6. The new COM-CFHB6 module follows other Aaeon Basic Type 6 entries including its 6th Gen Skylake powered COM-KBHB6.

Read more

Alpine 3.10.2 released

Filed under
GNU
Linux

The Alpine Linux project is pleased to announce the immediate availability of version 3.10.2 of its Alpine Linux operating system.

Read more

Security: Updates, Linux "Lockdown" Patches, Webmin FUD (Mischaracterisation) and Dawn for Security Vulnerabilities in HPC

Filed under
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap).

  • Linux "Lockdown" Patches Hit Their 40th Revision

    The long-running Linux "Lockdown" patches were sent out again overnight for their 40th time but it remains to be seen if these security-oriented patches will be pulled in for the upcoming Linux 5.4 cycle.

    The Linux Lockdown functionality is for restricting access to the kernel and underlying hardware by blocking writes to /dev/mem, restricting PCI BAR and CPU MSR access, disabling system hibernation support, limiting Tracefs, and restricting or outright disabling other functionality that could alter the hardware state or running Linux kernel image.

    Linux Lockdown has been opt-in only and designed for use-cases like honoring UEFI SecureBoot for ensuring nothing nefarious could happen once booted into the operating system by bad actors. Most end-users won't voluntarily want the lockdown mode due to all the restrictions in place, but could be a favor for enterprises and very security conscious users.

  • Backdoor Found in Webmin Utility [Ed: It is not a back door but a bug inserted by a malicious entity rather than the project developers themselves; this incident demonstrates or classically highlights the need for reproducible builds.]

    On August 17, the developer of the popular Webmin and Usermin Unix tools pushed out an update to fix a handful of security issues. Normally that wouldn’t generate an avalanche of interest, but in this case, one of those vulnerabilities was introduced intentionally by someone who was able to compromise the software build infrastructure used by the developers.

  • A New Dawn for Security Vulnerabilities in HPC

    In February 2018, Russian nuclear scientists at the Federal Nuclear Center were arrested for using their supercomputer resources to mine the crypto-currency, Bitcoin. Previously, high-performance computing (HPC) security breaches like this tended to be few and far between. However, recent trends are increasing the vulnerabilities and threats faced by HPC systems.

    Previously, compute clusters enjoyed a level of security through obscurity due to their idiosyncratic architectures in terms of both hardware, with different CPU architectures and networking, and software of often home-grown applications running on Unix-like operating systems. In addition, the reward for compromising a cluster wasn’t all that great. Although hacking into HPC data generated by atomic weapons research and pharmaceutical modelling does present a valuable outcome; meteorological institutes, astrophysics laboratories or other mathematical research is less so.

Lauterbach to support JTAG debug for RISC-V Linux

Filed under
Linux
Hardware

The Linux Kernel Awareness adaptation for the TRACE32 debugger is MMU aware. This allows symbols to be loaded for each process, kernel module or shared library in the target system and assigns them to the correct memory partition. This approach gives developers the ability to view and control all components of a target system from within the TRACE32 environment: kernel, kernel modules, device drivers, interrupt service routines, processes, threads and shared libraries.

In addition to all standard JTAG features, some unique special extensions are provided, such as process aware breakpoints that can be set to trigger when a piece of shared code is executed by a particular thread or process, ability to read the kernel logs and to inspect the /proc and /sys filesystems and all mountpoints. The system is also fully SMP aware and supports multi-core designs where the kernel is able to schedule processes dynamically across a number of processor cores, providing users with complete system visibility in a system which is self-managing according to real-world demands.

Read more

Raspberry Pi gets MIT's Scratch 3 programming language for Raspbian

Filed under
Development
Hardware

Ever since Scratch 3 was released this January, a team at the Raspberry Pi Foundation has been working with MIT to develop an offline, installable version for the Raspberry Pi.

That offline version is now available, offering students and beginners an easy environment to begin coding with the language's visual 'code blocks', as well as paint and sound-editing tools.

Scratch 3 requires installing the latest version of Raspbian known as 'Buster', the latest version of Debian Linux that was released alongside the Raspberry Pi 4 in June.

Due to the memory requirements of Scratch 3, the Raspberry Pi Foundation is recommending it is installed on a Raspberry Pi 4 with at least 2GB of RAM. The 2GB model costs $45.

Read more

Also: GCC 10 Lands Support For -march=tigerlake & -march=cooperlake

Games Leftovers

Filed under
Gaming
  • Attack of the Clones with custom Proton builds for Steam Play

    I know how you all love to tinker, so how about tinkering away with some custom builds of Steam Play Proton on this fine Tuesday afternoon?

    There's a feature in the Steam client on Linux that enables you to add in your own special builds of Steam Play and other compatibility tools like Boxtron for native DOSBox. A very useful feature, since the community can build on top of work done by Valve to make Linux gaming with Steam Play even better.

    One such custom build of Proton which recently released is Proton-i 4.13-3. This one is quite simple with a few little updates and fixes like moving Proton 4.11-2 patches on top of Wine 4.13, a fix for Unreal Engine 4 and a few other little changes. Likely a good one to try, if you just want to be that little bit more up to date.

  • Mixing Tower Defense with production chains, the free and open source game Mindustry has a big update

    Could this be your next time sink? Mindustry merges together Tower Defense style gameplay with production chains from the likes of Factorio.

    A few days ago, the developer released the final 4.0 build which is an absolutely massive update to Mindustry. It took 88 builds to get there and it was worth the wait. It's an overhaul to all parts of the game including new gamemodes, customizable rules, a new editor, new graphics, new enemies, unit production, new progression, a campaign and more.

  • Wasteland 3 has an impressive new trailer for Gamescom

    inXile Entertainment have shown off more of their upcoming party-based RPG Wasteland 3 at Gamescom and it's looking great.

  • Areia: Pathway to Dawn aims to be a relaxing meditative adventure game

    Areia: Pathway to Dawn from Gilp Studio was just recently announced with the developer promising it to be a "journey like no other".

    It's an adventure game, with a few puzzle elements to it and a wondrous style. The developer said it's a game about emotions and spiritual growth, a tale of wonder as you explore a land inhabited by only one character. It's supposed to be a calming experience, with Gilp Studio saying it's "a unique addition to the range of meditative games".

today's howtos and leftover

Filed under
Misc
HowTos
  • Overview of Linux system + getting around
  • Rename all files in lower case
  • Install Nginx with Server Blocks (Virtual Hosts) on Debian 10
  • GNOME 3.34 Works Out Refined XWayland Support For X11 Apps Run Under Sudo

    GNOME 3.34 continues to look like an incredibly great release in the performance department as well as for Wayland users.

    Earlier this summer, support was added to GNOME's Mutter to generate an Xauth file and passing it to XWayland when starting. The focus of that Red Hat contribution was for allowing X.Org/X11 applications to be run under XWayland as sudo. Up to this point when using sudo with an X11 app on Wayland, it hasn't worked out but this addition for GNOME 3.34 corrects that behavior.

  • Sonoff S55 Waterproof WiFi Smart Sockets are Offered in Six Regional Variants

    When WiFi smart sockets (aka smart plugs) started to appear a few years ago, they were often only available with either US or China plugs, and users from Europe, UK or other locales...

  • Toybrick TB-RK1808 AI Compute Stick is now Available for $86

    Last May, we wrote about RK1808 AI Compute Stick, a USB stick with Rockchip RK1808 dual-core Cortex-A35 processor also featuring a 3.0 TOPS neural processing unit to accelerate AI workloads...

  • DragonFlyBSD Developing DSynth As Synth Rewrite For Custom Package Building

    Adding to another creation being worked on by DragonFlyBSD lead developer Matthew Dillon, DSynth is a C rewrite of the FreeBSD originating Synth program that serves as a custom package repository builder.

  • RADV Vulkan Driver Lands Renoir APU Support In Time For Mesa 19.2

    Just hours ahead of the Mesa 19.2 feature freeze and days after the RadeonSI OpenGL driver added Renoir support, the RADV Vulkan driver has picked up support for this next-gen Zen 2 + Vega APU.

    The support comes down to just eight lines of new code for this new APU rumored to be launching in 2020. While it was hoped that this would be the first APU built on the Zen 2 CPU microarchitecture and with Navi graphics, the open-source Linux driver code drops have all pointed it to be more of a Raven/Vega refresh on the graphics side.

  • DevNation Live: Plumbing Kubernetes builds | Deploy with Tekton

    DevNation Live tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, you’ll learn about Tekton, a Kubernetes-native way of defining and running CI/CD, from Kamesh Sampath, Principal Software Engineer at Red Hat.

    The session explores the characteristics of Tekton, which is cloud-native, decoupled, and declarative. This demo-filled session will show how to combine various building blocks of Tekton to build and deploy (Tasks and Pipelines) a Kubernetes application.

Security: Hacker Summer Camp, Nexus Repository, Ransomware, Web Server Security

Filed under
Security
  • Hacker Summer Camp 2019: CTFs for Fun & Profit

    Okay, I’m back from Summer Camp and have caught up (slightly) on life. I had the privilege of giving a talk at BSidesLV entitled “CTFs for Fun and Profit: Playing Games to Build Your Skills.” I wanted to post a quick link to my slides and talk about the IoT CTF I had the chance to play.

    I played in the IoT Village CTF at DEF CON, which was interesting because it uses real-world devices with real-world vulnerabilities instead of the typical made-up challenges in a CTF. On the other hand, I’m a little disappointed that it seems pretty similar (maybe even the same) year-to-year, not providing much variety or new learning experiences if you’ve played before.

  • Nexus Repository Now Supports APT

    Beginning with version 3.17, Nexus Repository Manager supports APT (Advanced Package Tool) repositories. APT is a set of tools used to search, install, and manage packages on Debian, Ubuntu, and similar Linux distributions. With this new release, you can now host your own local APT repos. Developers benefit from no longer having to rely on connecting externally to a public repository every time an often-used package is needed.

    In the case of Debian-based Docker containers, the ability to locally cache Debian packages from public repositories can save copious amounts of time when rebuilding your containers. This can do wonders especially for containers built frequently in a CI pipeline and for the more traditional use-case of provisioning virtual machines.

  • Ransomware attack has hit 20 government agencies in Texas [iophk: Windows TCO]

    This week the state of Texas has joined the list of targets. According to Texas’s Department of Information Resources (DIR), more than 20 local government entities have been impacted by a ‘coordinated ransomware attack.’ DIR states that “the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions.”

    No disclosure has beeen made regarding how much of a payment is being requested, though given recent attacks on other states the amount is likely to be eye-watering. Also absent is any information on which ‘local government entities’ have been affected.

  • Web server security – Part 8: Basic log file analysis

    Tools like lnav (“The Log File Navigator”) allow quicker analysis of log files. Instead of manually searching for attack-like behavior, you can use SQL queries, load and combine multiple files at once, and switch between different views.

    However, keep in mind that not only tools but also underlying processes and organization are important. You must know where log files are stored, how they are created and how long information is available. This requires a basic security concept. Understand the structure of your log files, and use customization of logging rules if available.

Chromebooks Switching Over To The BFQ I/O Scheduler

Filed under
Linux
Google

On Chromebooks when moving to the latest Chrome OS that switches over to a Linux 4.19 based kernel, BFQ has become the default I/O scheduler.

BFQ has been maturing nicely and as of late there's been an uptick in interest around this I/O scheduler with some also calling for it to be used by default in distributions. Google has decided BFQ is attractive enough to enable by default for Chromebooks to provide better responsiveness.

Read more

Debian: Salsa, Promoting Debian LTS and Debian Patch Porting System

Filed under
Debian
  • salsa.debian.org: Postmortem of failed Docker registry move

    The Salsa admin team provides the following report about the failed migration of the Docker container registry. The Docker container registry stores Docker images, which are for example used in the Salsa CI toolset. This migration would have moved all data off to Google Cloud Storage (GCS) and would have lowered the used file system space on Debian systems significantly.

    [...]

    On 2019-08-06 the migration process was started. The migration itself went fine, although it took a bit longer than anticipated. However, as not all parts of the migration had been properly tested, a test of the garbage collection triggered a bug in the software.

    On 2019-08-10 the Salsa admins started to see problems with garbage collection. The job running it timed out after one hour. Within this timeframe it not even managed to collect information about all used layers to see what it can cleanup. A source code analysis showed that this design flaw can't be fixed.

    On 2019-08-13 the change was rolled back to storing data on the file system.

  • Raphaël Hertzog: Promoting Debian LTS with stickers, flyers and a video

    With the agreement of the Debian LTS contributors funded by Freexian, earlier this year I decided to spend some Freexian money on marketing: we sponsored DebConf 19 as a bronze sponsor and we prepared some stickers and flyers to give out during the event.

    The stickers only promote the Debian LTS project with the semi-official logo we have been using and a link to the wiki page. You can see them on the back of a laptop in the picture below.

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Jaskaran Singh: GSoC Final Report

    The Debian Patch Porting System aims to systematize and partially automate the security patch porting process.

    In this Google Summer of Code (2019), I wrote a webcrawler to extract security patches for a given security vulnerability identifier. This webcrawler or patch-finder serves as the first step of the Debian Patch Porting System.

    The Patch-finder should recognize numerous vulnerability identifiers. These identifiers can be security advisories (DSA, GLSA, RHSA), vulnerability identifiers (OVAL, CVE), etc. So far, it can identify CVE, DSA (Debian Security Advisory), GLSA (Gentoo Linux Security Advisory) and RHSA (Red Hat Security Advisory).

    Each vulnerability identifier has a list of entrypoint URLs associated with it. These URLs are used to initiate the patch finding.

Marek’s Take: Why open source communities are critical to operators

Filed under
OSS

Open source locks down standards in code and makes sure it is interoperable, Rice said. “That’s why it’s symbiotic. Standards are options but they come together because they are built on one another.”

And, similar to standards bodies, where delegates work side-by-side with competitors to develop global specifications, the same occurs in open source groups.

Read more

The infrastructure is code: A story of COBOL and Go

Filed under
Development

But what about today? With the decline of mainframes and the rise of newer and more innovative languages designed for the web and cloud, where does COBOL sit?

As last week's episode of Command Line Heroes mentioned, in the late 1990s, Perl (as well as JavaScript and C++) was outpacing COBOL. And, as Perl's creator, Larry Wall stated then: "COBOL is no big deal these days since demand for COBOL seems to be trailing off, for some strange reason."

Read more

Video and Audio: Neptune OS 6.0, Test and Code, GNU World Order, Coder Radio and This Week in Linux

Filed under
GNU
Linux
  • Neptune OS 6.0 Run Through

    In this video, we are looking at Neptune OS 6.0. Enjoy!

  • Test and Code: 84: CircuitPython - Scott Shawcroft

    The combination of Python's ease of use and Adafruit's super cool hardware and a focus on a successful beginner experience makes learning to write code that controls hardware super fun.

    In this episode, Scott Shawcroft, the project lead, talks about the past, present, and future of CircuitPython, and discusses the focus on the beginner.

    We also discuss contributing to the project, testing CircuitPython, and many of the cool projects and hardware boards that can use CircuitPython, and Blinka, a library to allow you to use "CircuitPython APIs for non-CircuitPython versions of Python such as CPython on Linux and MicroPython," including Raspberry Pi.

  • GNU World Order 13x34
  • Absurd Abstractions | Coder Radio 371

    It’s a Coder Radio special all about abstraction. What it is, why we need it, and what to do when it leaks.

    Plus your feedback, Mike’s next language challenge, and a functional ruby pick.

  • KDE Apps 19.08, KNOPPIX, System76, Slackware, Huawei, EndeavourOS, Dreamcast | This Week in Linux 79

    On this episode of This Week in Linux, KDE announced their latest big release of their Application Suite with dozens of new app updates. We got some Distro news to talk about with KNOPPIX, Slackware, EndeavourOS and Neptune Linux. System76 announced some really cool news with their new Graphical Firmware Manager tool.

Games: Underworld Ascendant, Dark Envoy and Elite Dangerous

Filed under
Gaming
  • Underworld Ascendant's Linux port has now been released

    Get ready to dungeon crawl! After many delays, the sequel to the classic Ultima Underworld games has finally seen a Linux release.

  • Event Horizon (Tower of Time) show off the first gameplay from their next RPG Dark Envoy

    Ah Gamescom has arrived, which means tons of games will be shown off over the next week. Event Horizon (Tower of Time dev) are getting in on the action, to show off footage from their brand new RPG called Dark Envoy.

    For those who missed the previous article, it is already confirmed to be coming to Linux. To save you a click, when asked they said "We spent a considerable effort to make Tower of Time run well on Linux - so now, being more experienced with it, we also plan to release on Linux at the same time as PC launch.".

  • Going where no Steam Play has gone before with Elite Dangerous

    What’s the one game keeping you a dual booter? Maybe it’s PUBG, or Rainbow Six: Siege? Maybe it used to be Overwatch? For me, that game was Elite Dangerous, and one year on from Proton’s release, I have a story to tell.

    There’s a certain “je ne sais quoi” about Elite Dangerous that I’ve never been able to put my finger on. It’s a game set in a scientifically modelled, full-scale replica of the whole Milky Way galaxy, and as with that setting, the game is truly vast, remarkably cold, and frequently incomprehensible. Yet, when playing Elite, I get the same feeling as when looking up at the stars on a dark and moonless night — my hungry soul is fed. Or it could just be space madness. Regardless, it’s a feeling that I like to dip into every once in a while, immerse myself in, and try not to drown.

Red Hat and Fedora: HPC, Ansible and More Flock Reports

Filed under
Android
  • HPC workloads in containers: Comparison of container run-times

    Recently, I worked on an interesting project to evaluate different container run-times for high-performance computing (HPC) clusters. HPC clusters are what we once knew as supercomputers. Today, instead of giant mainframes, they are hundreds, thousands, or tens of thousands of massively parallel systems. Since performance is critical, virtualization with tools like virtual machines or Docker containers was not realistic. The overhead was too much compared to bare metal.

  • A project manager's guide to Ansible

    For project managers, it's important to know that deploying Ansible will improve the effectiveness of a company's IT. Employees will spend less time trying to troubleshoot their own configuration, deployment, and provisioning. Ansible is designed to be a straightforward, reliable way to automate a network's IT tasks.

    Further, development teams can use the Ansible Tower to track applications from development to production. Ansible Tower includes everything from role-based access to graphical inventory management and enables teams to remain on the same page even with complex tasks.

    Ansible has a number of fantastic use cases and provides substantial productivity gains for both internal teams and the IT infrastructure as a whole. It's free, easy to use, and robust. By automating IT with Ansible, project managers will find that their teams can work more effectively without the burden of having to manage their own IT—and that IT works more smoothly overall.

  • Flock to Fedora '19

    I had a wonderful opportunity to go to Fedora’s annual contributor summit, Flock to Fedora in Budapest, Hungary. This is me penning down my takeaway from a week full of learning!

    [...]

    Apart from the talks, the conference outshone when it came to meeting mind-blowing developers. I got to know the most about Fedora and Red Hat through those interactions and it was a really pleasant experience. It was also super amazing to finally meet all the people I had been interacting with over the course of the internship in real life.

    My advice for any future Flock attendee would be to always make time to talk to people at Flock. Even I have a hard time interacting but the people are extremely nice and you get to learn a lot through those small interactions and end up making friends for a life time.

    Definitely taking back a tonne of memories, loads of pictures, and plethora of learning from this one week of experience.

  • Paul W. Frields: Flock 2019 in Budapest, Hungary.

    Last week I attended the Flock 2019 conference in Budapest, like many Fedora community members. There was a good mix of paid and volunteer community members at the event. That was nice to see, because I often worry about the overall aging of the community.

    Many people I know in Fedora have been with the project a long time. Over time, people’s lives change. Their jobs, family, or other circumstances move them in different directions. Sometimes this means they have less time for volunteer work, and they might not be active in a community like Fedora. So being able to refresh my view of who’s around and interested in an event like Flock was helpful.

    Also, at last year’s Flock in Dresden, after the first night of the conference, something I ate got the better of me — or I might have picked up a norovirus. I was out of commission for most of the remaining time, confined to my room to ride out whatever was ailing my gut. (It wasn’t pretty.) So I was glad this year also to be perfectly well, and able to attend the whole event. That was despite trying this terrible, terrible libation called ArchieMite, provided by my buddy Dennis Gilmore...

    [...]

    I also attended several sessions on Modularity. One of them was Merlin Mathesius’ presentation on tools for building modules. Merlin is on my team at Red Hat and I happened to know he hadn’t done a lot of public speaking. But you wouldn’t have guessed from his talk! It was well organized and logically presented. He gave a nice overview of how maintainers can use the available tools to build modules for community use.

    The Modularity group also held a discussion to hear about friction points with modularity. Much of the feedback lined up well with other inputs the group has received. We could solve some with better documentation and awareness. In some cases the tools could benefit from ease of use enhancements. In others, people were unaware of the difficult design decisions or choices that had to be made to produce a workable system. Fortunately there are some fixes on the way for tooling like the replacement for the so-called “Ursa Major” in Fedora. It allows normal packages to build against capabilities provided by modules.

Syndicate content

More in Tux Machines

Compute module offers choice of 8th or 9th Gen Coffee Lake

Aaeon’s “COM-CFHB6” COM Express Basic Type 6 module is available with 8th or 9th Gen H-series Core and Xeon CPUs and offers up to 48GB DDR4 with ECC plus support for 12x USB ports and 24 PCIe 3.0 lanes. Aaeon has announced a COM Express Basic Type 6 module that supports Intel’s 8th Gen Coffee Lake and 9th Gen Coffee Lake Refresh H-series chips. We’ve seen similar combinations on Congatec’s refreshed Conga-TS370 and Kontron’s similarly updated COMe-bCL6. The new COM-CFHB6 module follows other Aaeon Basic Type 6 entries including its 6th Gen Skylake powered COM-KBHB6. Read more

today's howtos

Alpine 3.10.2 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.10.2 of its Alpine Linux operating system. Read more

Security: Updates, Linux "Lockdown" Patches, Webmin FUD (Mischaracterisation) and Dawn for Security Vulnerabilities in HPC

  • Security updates for Tuesday

    Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap).

  • Linux "Lockdown" Patches Hit Their 40th Revision

    The long-running Linux "Lockdown" patches were sent out again overnight for their 40th time but it remains to be seen if these security-oriented patches will be pulled in for the upcoming Linux 5.4 cycle. The Linux Lockdown functionality is for restricting access to the kernel and underlying hardware by blocking writes to /dev/mem, restricting PCI BAR and CPU MSR access, disabling system hibernation support, limiting Tracefs, and restricting or outright disabling other functionality that could alter the hardware state or running Linux kernel image. Linux Lockdown has been opt-in only and designed for use-cases like honoring UEFI SecureBoot for ensuring nothing nefarious could happen once booted into the operating system by bad actors. Most end-users won't voluntarily want the lockdown mode due to all the restrictions in place, but could be a favor for enterprises and very security conscious users.

  • Backdoor Found in Webmin Utility [Ed: It is not a back door but a bug inserted by a malicious entity rather than the project developers themselves; this incident demonstrates or classically highlights the need for reproducible builds.]

    On August 17, the developer of the popular Webmin and Usermin Unix tools pushed out an update to fix a handful of security issues. Normally that wouldn’t generate an avalanche of interest, but in this case, one of those vulnerabilities was introduced intentionally by someone who was able to compromise the software build infrastructure used by the developers.

  • A New Dawn for Security Vulnerabilities in HPC

    In February 2018, Russian nuclear scientists at the Federal Nuclear Center were arrested for using their supercomputer resources to mine the crypto-currency, Bitcoin. Previously, high-performance computing (HPC) security breaches like this tended to be few and far between. However, recent trends are increasing the vulnerabilities and threats faced by HPC systems. Previously, compute clusters enjoyed a level of security through obscurity due to their idiosyncratic architectures in terms of both hardware, with different CPU architectures and networking, and software of often home-grown applications running on Unix-like operating systems. In addition, the reward for compromising a cluster wasn’t all that great. Although hacking into HPC data generated by atomic weapons research and pharmaceutical modelling does present a valuable outcome; meteorological institutes, astrophysics laboratories or other mathematical research is less so.