Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Sunday, 09 May 21 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Audacity Telemetry Roy Schestowitz 07/05/2021 - 11:53pm
Story VLC 4.0 Coming This Year With Completely Redesigned UI Roy Schestowitz 07/05/2021 - 11:52pm
Story Android Leftovers Rianne Schestowitz 07/05/2021 - 7:15pm
Story Wear OS May Finally Be Receiving an Update? Rianne Schestowitz 07/05/2021 - 7:10pm
Story Windows 10 Build 21370 vs. Ubuntu 21.04 Linux On AMD Ryzen 5900X Rianne Schestowitz 07/05/2021 - 7:08pm
Story eBPF for Advanced Linux Infrastructure Monitoring Rianne Schestowitz 07/05/2021 - 7:06pm
Story HDR in Linux: Part 1 Rianne Schestowitz 07/05/2021 - 7:02pm
Story Best Linux Distros for Small Businesses Rianne Schestowitz 07/05/2021 - 7:00pm
Story Julian Sparber: The internals of Fractal-next Roy Schestowitz 07/05/2021 - 4:19pm
Story An Interview With Linus Torvalds: Linux and Git Rianne Schestowitz 2 07/05/2021 - 4:16pm

The Great OS Replacement: How to Find the Best Linux Distribution

Filed under
OS
Linux

Picking the ideal Linux distribution takes research and planning. Not because Linux is a challenge. Rather, the Linux OS offers a seemingly unending selection of distributions to meet general computing as well as special needs for enterprise, SMBs, and personal use.

For enterprise and business-focused users, however, one popular choice has fallen into disfavor with CentOS 8 reaching its end-of-life status as a supported platform. But as is usually the case with the Linux infrastructure, ample replacements are available.

The CentOS community is turning its focus to the Stream fork as a replacement for a directional change by the CentOS sponsors. One major sticking point among CentOS users is that the CentOS community’s rolling releases may not align with most businesses’ infrastructural or organizational needs.

A rolling release is a Linux distribution that is updated from top to bottom on a regular basis, noted Thilo Huellmann, CEO of Levity AI. All, including user-space applications, the kernel, and daemons, is in a constant state of new.

Read more

Graphics: Wayland in GNUstep, Mesa 21.1, and More

Filed under
Graphics/Benchmarks
  • GNUstep Releases Early Wayland Support, Many Other Improvements Too

    GNUstep as the free software / GNU implementation of the Apple's Cocoa Objective-C frameworks is out with a new version.

    GNUstep's GUI library and GUI back-end are up to version 0.29 while GNUstep Base 1.28 has been released along with an updated GNUstep Makefile Package for re-implementing the APIs associated with Apple macOS.

    Notable with the GNUstep GUI Backend 0.29 is an "alpha version" of native Wayland back-end support. GNUstep software has worked with XWayland while now there is the preliminary Wayland code in place.

  • [Mesa-dev] [ANNOUNCE] mesa 21.1.0
    Hello everyone,
    
    Mesa 21.1.0 final is now available!
    There are a lot of new features, but I unfortunately didn't have time to
    make a list; I'm sure your favourite news website will pick up the slack :)
    
    The schedule from now on is to have a point release every other week,
    starting with .1 on the 19th.
    
    Cheers,
      Eric
    
  • Open source Linux GPU drivers Mesa 21.1 released

    Developer Eric Engestrom has announced the availability of Mesa 21.1, the latest release for Linux open source graphics drivers powering Intel, AMD and more.

    In the very short announcement, Engestrom mentioned Mesa will now be back to regular releases with a point release for bug fixes "every other week" which will see Mesa 21.1.1 on May 19. If you want stability, it's usually best to wait for at least that first point release.

  • Turnip Vulkan Driver Continues Maturing, Correctly Rendering More Games - Phoronix

    Turnip is the open-source Mesa Vulkan driver aligned with the Freedreno effort for Qualcomm Adreno support. Turnip has been in fairly good shape but fixes and other improvements keep flowing in as new Vulkan games/apps continue to be tested on this open-source Adreno Vulkan driver.

    Igalia developer Danylo Piliaiev has written a new blog post outlining some of the latest improvements made to this Mesa driver for allowing more Vulkan-powered software to correctly render on this unofficial Qualcomm Linux 3D driver.

today's howtos

Filed under
HowTos
  • How To Improve The Security Of Linux Servers?

    Many services nowadays run on servers with different Linux distributions. Compared to server versions of Microsoft operating systems, they are free. They are also generally considered to be more secure, but require deeper knowledge on the part of the system administrator to ensure they are configured correctly. It doesn't matter whether the system runs on your own infrastructure or on cloud solutions from Amazon, Microsoft or others. In this article, I'll give you tips for making your Linux instances more secure. The article also includes practical examples of improving the security of Debian-based operating system distributions.

    Automatic installation of updates

    Many servers become targets and victims of hacker attacks due to a security gap in the operating system used. Administrators are usually reluctant to update systems, as this can cause more harm than good, as deployed applications may stop working after a system update. However, it is extremely important for keeping the operating system secure and therefore automatic installations should always be enabled, especially on critical systems. If it is necessary to use older versions of operating systems, we recommend that these computers be completely isolated from the network. A few commands are all that is needed to enable automatic updates on a Linux system.

  • How To Install uTorrent on Debian 10 - idroot

    In this tutorial, we will show you how to install uTorrent on Debian 10. For those of you who didn’t know, uTorrent is the most popular torrent client available for Linux systems. uTorrent downloads file very fast and efficiently as possible without slowing other online activities.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the uTorrent BitTorrent client on a Debian 10 (Buster).

  • How to customize Bash Terminal prompt on Debian 10

    The bash Linux shell provides many customization options for the prompt that you can use not only to incorporate various features in the prompt but also to differentiate them through different colors.

    In this article, we will use various examples to customize and recolor the prompt of our Terminal application that will enable you to do the same depending on your needs. We have the commands and procedures described in this article on a Debian 10 Buster system.

  • Learn essential Kubernetes commands with a new cheat sheet | Opensource.com

    The cloud runs largely on Kubernetes, Kubernetes largely runs on Linux, and Linux runs best when it has a skilled sysadmin at the controls. Whether you consider yourself a cloud architect or just a humble sysadmin, the modern internet needs users who understand how applications and services can be created within containers, scaled on demand, and monitored and managed judiciously.

    One of the first steps into the brave world of containers is learning Kubernetes and its quintessential command: kubectl.

  • Manage the Postfix mail queue with postsuper, postqueue and mailq commands

    Postfix provides several shell programs to manage the mail queue.

  • Resolve DHCPD and HTTPD startup failures with Ansible

    Last year, I had a problem: HTTPD (the Apache web server) would not start on a reboot or cold boot. To fix it, I added an override file, /etc/systemd/system/httpd.service.d/override.conf. It contained the following statements to delay HTTPD's startup until the network is properly started and online. (If you've read my previous articles, you'll know that I use NetworkManager and systemd, not the old SystemV network service and start scripts).

How To Take Screenshot In Linux? — 5 Best Linux Screenshot Tools

Filed under
Software

One of the most common things that we do on our computers is taking screenshots. Be it important info on your screen that you’ll later forget or be it a hilarious meme, the captured screenshot images could prove to be really useful.

We all know how easy it is to take screenshots in Windows, but how easy is it on Linux? In this article, let’s look at how to take a screenshot on Linux. Apart from that, we’ll also be looking at the ten best screenshot tools for Linux if you don’t like the default method. Let’s get started.

Read more

Games: Office Point Rescue Deja Vu, ComPressure, Godot, Nebuchadnezzar, and Green With Energy

Filed under
Gaming
  • Free Game Thursday - check out Office Point Rescue Deja Vu a new retro FPS

    Office Point Rescue Deja Vu is a brand new retro-themed first-person shooter from Magellanic Games, a bigger expanded version of the original from 2020.

    "Terrorists have invaded and taken hostages in the Emeraldalo Corporation's headquaters. Agent Foldon is assigned to infiltrate the building, dispatch the terrorists, rescue any surviving hostages and gather intel."

    Check out our gameplay footage below to get a taste of it. The gameplay was on Easy mode, as I didn't want to spoil any surprises and difficult in the other modes. It gives you a good idea of what to expect though, thoroughly reminding me of some retro arcade shooters that took way too many coins.

  • ComPressure, a complex pipe-building puzzle game is out now

    After a relatively short stint in Early Access, the Zach-like puzzle game ComPressure is officially out now.

    ComPressure has you building complex computation units powered by high pressure steam, which you do by place and moving pipes around to direct this steam where to go. It definitely has a feel like some earlier Zachtronics titles and it's a pretty unique game overall.

  • Go Godot Jam is an upcoming Godot Gamedev Festival between May 6 - June 9

    Learn more about the free and open source Godot Engine during Go Godot Jam, part of the Godot Gamedev Festival running from today May 6 through to June 9.

    Sounds like a fun idea to help show off Godot to even more people. It's packed full of "one month of quality streams and a game jam aimed at celebrating and expanding a vibrant Godot community" and it's entirely open to everyone as this is a free online event.

  • City builder Nebuchadnezzar is getting fire, crime and disease in the next free update

    After launching with Linux support back in February, it seems a lot of people really loved the style but there wasn't enough substance to it. Thankfully the first update addressed some of the issues adding in big freeplay maps, new difficulty modes and a tax/wages mechanic too. Now they've teased the 1.2 update with no current release date which will bring in Fire, Crime and Diseases to add a little more challenge to it.

  • Hook up cities with power to create a sustainable future in the upcoming Green With Energy

    Green With Energy from developer Orbifold Software is an upcoming casual puzzle building game, that sees you become an engineer to design a sustainable power grid.

    Through various contained levels, it acts like a puzzle game that pulls in small elements from a city-builder while you design your grid and place down power structures. It's supposed to be somewhat relaxed while you iteratively design, test and build power grid designs while balancing budget, efficiency, and environmental impact through different levels and biomes.

    [...]

    The developer mentioned Linux will be a first-class platform for it.

LibreOffice 7.1.3 Office Suite Released with More Than 100 Bug Fixes

Filed under
LibO

Coming five weeks after LibreOffice 7.1.2, the LibreOffice 7.1.3 point release is here to address a total of 105 issues across all core components, including Writer, Calc, Draw, and Impress.

According to The Document Foundation, about 25 percent of these fixes are focused on improving the document compatibility with the Microsoft Office file formats, such as DOCX, PPTX, and XLSX.

Read more

Android Leftovers

Filed under
Android

UBIFS To Default To Zstd Compressed File-System With Linux 5.13+

Filed under
Linux

Adding to the growing list of changes for Linux 5.13 is the UBIFS file-system now using Zstd for file-system compression by default.

Where available, UBIFS on Linux 5.13 and later will use Zstd as its default compressor where as previously it had been LZO. UBIFS as the file-system for un-managed flash memory devices is now comfortable with the state of Zstd and that it's the superior solution to call it the new default compression method.

Read more

Also: Mike Blumenkrantz: Backish

today's leftovers

Filed under
Misc
  • Stop snoring with Raspberry Pi
  • GridGain Announces Keynote Speakers for First Ignite Summit [Ed: Stop calling a bunch of webchats a "summit"]

    GridGain® Systems, provider of enterprise-grade in-memory computing solutions powered by the Apache® Ignite® distributed database, today announced the keynote speakers for the first Ignite Summit, a virtual event taking place May 25, 2021. Experts from Amazon, 24 Hour Fitness, Intel, Banco do Brasil, GridGain and more will discuss the Apache Ignite technology and how organizations are using it to power modern, high-performance applications. GridGain also announced the addition of a pre-conference training day on May 24, 2021, when attendees can get hands-on, technical training from Apache Ignite experts.

  • Celemony releases ARA SDK under open source license and releases software development kit

    Celemony Software GmbH is placing the ARA Audio Random Access audio interface under open source license as well as releasing a comprehensive software development kit. They say that this will make ARA integration even easier for DAW and plug-in manufacturers. Here's the story in the company's own words...

    [...]

    Right now, the fully revised and expanded ARA Audio Random Access Software Development Kit is available under the Apache 2.0 license, which also makes integration into projects with open-source licenses such as GNU GPLv3 possible.

  • Dark Mode Plugin Repurposed and Renamed to WP Markdown Editor, Change Leaves Users Confused

    Last year, I asked Tavern readers if WordPress should notify end-users when a plugin’s owner changes. The post was not entirely based on theory. There have been some cases of real-world confusion. The consensus from the comments on that post seemed to be that, yes, such notifications would be welcome.

    When I wrote that post, there was already another plugin changing hands. Dark Mode, which had grown in popularity in its earlier years, had a new owner, WPPool. There were no public notifications of this ownership change. A mere GitHub issue filed, a corner of the web that few users venture.

    [...]

    Iceberg is licensed under the GPL version 2, so it is legal for anyone to fork it. However, there does not seem to be any mention of the copyright, and only a few references to the original product remain in the source code.

  • vrurg: Config::BINDish Module First Release

    Soon after Test::Async time has came for the first release of Config::BINDish. At first, I didn’t plan it whatsoever. Then I considered it as a little distraction project to get some rest from an in-house one I was working on lately. But it turned in a kind of a monster which swallowed quite an amount of my time. Now I hope it’s been worth the efforts.

    Basically, the last straw which convinced me to eventually put everything else aside and have this one done was an attempt to develop a model for scalable file hosting. I was stuck, no approach I was considering was good enough. And I decided to change the point of view and try to express the thing in terms of a configuration file. I went on a hunt onto Raku modules site and came back with a couple of already familiar options. Of those I decided that Config::TOML would be the best one for my needs. Unfortunately, very soon I realized that a feature it misses makes my life somewhat harder than I’d like it to be: there was no way to expand a string with an option value.

  • This Week in Rust 389
  • Satellite-navigation systems such as GPS are at risk of jamming

    The original purpose of the GPS and its European (Galileo), Russian (GLONASS) and Chinese (BeiDou) counterparts was to enable suitably programmed receivers on or near the ground to calculate their whereabouts to within a few centimetres, by comparing signals from several satellites. In this role they have become ubiquitous, running everything from the navigation systems of planes, ships and automobiles, both military and civilian, to guiding the application of water and fertiliser in precision agriculture. But global-navigation satellite systems (GNSS), to give their collective name, now do much more than that. By acting as clocks that broadcast the time accurate to within a few dozen nanoseconds, they are crucial to jobs ranging from co-ordinating electricity grids and mobile-phone networks to time-stamping financial transactions and regulating the flow of information in and out of data centres.

  • Wall Street Journal Editorial Tries To Pretend That Fixing Repair Monopolies Is Bad For Your Health

    So we've noted for a long time how efforts to monopolize repair have resulted in a growing, bipartisan interest in right to repair legislation in more than a dozen states. Whether it's Sony and Microsoft's efforts to monopolize game console repair, Apple's tendency to monopolize phone repair (and bully independent repair shops), or John Deere making its tractors a costly nightmare to fix, a sustained backlash has been growing against draconian DRM, rampant abuse of copyright, and other behaviors that make repairing products you own as annoying and expensive as possible.

  • This Motorcycle Airbag Vest Will Stop Working If You Miss a Payment

    In the video, Plummer promotes this as a good option for people who don't ride year-round and therefore may only need a functioning vest a couple of months a year. But when Motherboard asked Klim about what would happen if, say, the customer forgot to turn the subscription back on and got into a crash, a customer service representative confirmed "then, no, it will not go off." Likewise, if the customer's card is declined, they will have a 30-day grace period to update their payment information before the vest stops working, according to Klim communication manager Lukas Eddy.

    “When it comes to missing payments and airbag functionality, In&motion's payment notifications and 30-day grace period are reasonable—at some point, if a person stops paying for a service, that service has to be suspended, just like your utilities or a cell phone plan,” Eddy wrote to Motherboard in an email. “Further, if someone pauses their subscription and forgets to restart it, they won't actually be able to get their In&box into ride-ready status when they go to turn it on. If they then choose to ignore the indicators and ride with the In&box inactive, that's on them and we can expect it not to inflate in the event of a crash.”

Open Letter: DistroWatch

Filed under
GNU
Linux

For the better part of three years, we have remained silent about your ongoing efforts to affect people’s perception of our Linux distribution continuously. We have tried our best not to engage with your evident hostility and disregard to inform your viewers and visitors about correct facts of the Linux distributions you display on your website, especially ours.
However, we have decided to take a stance. It is today, the 6th of May, that we gallantly demand you to stop.
We do not accept for one more minute that the information displayed on your website about our product remains erroneous in what is no longer a “mistake” or “oversight” on your part. In addition, we do not accept the way you have chosen to describe our product, including making an absolute wild claim that we did not offer our product to the public before an arbitrary date, even if that is easily refuted.

Read more

Compact Text Editors Great for Remote Editing and Much More

Filed under
Software
OSS

A text editor is software used for editing plain text files. This type of software has many different uses such as modifying configuration files, writing programming language source code, jotting down thoughts, or even making a grocery list. Given that editors can be used for such a diverse range of activities, it is worth spending the time finding an editor that best suites your preferences.

Whatever the level of sophistication of the editor, they typically have a common set of functionality, such as searching/replacing text, formatting text, importing files, as well as moving text within the file.

All of these text editors are console based applications which make them ideal for work on remote machines. Textadept also provides a graphical user interface, but remains fast and minimalist.

Read more

Audiocasts/Shows: BSDNow, Coder Radio, and TLLTS

Filed under
GNU
Linux
BSD
  • BSDNow 401: OpenBSD Dog Garage

    Dog's Garage Runs OpenBSD, EuroBSDcon 2021 Call for Papers, FreeBSD’s iostat, The state of toolchains in NetBSD, Bandwidth limiting on OpenBSD 6.8, FreeBSD's ports migration to git and its impact on HardenedBSD, TrueNAS 12.0-U3 has been released, and more.

  • Context in Comprehension | Coder Radio 412

    From adventures in learning, a recipe for great collaborations, to creativity and problem-solving in tech. It's a deep dive chat with Wes Payne.

  • The Linux Link Tech Show Episode 905

    fedora 34, register.com sucks, realestate

Security and Proprietary Software

Filed under
Security
  • Malicious Office 365 Apps Are the Ultimate Insiders [Ed: Office 360 itself is malicious]
  • Biden administration, Congress unite in effort to tackle ransomware attacks [iophk: Windows TCO]

    Congress has also been paying greater attention to the threats from ransomware, with members on both sides of the aisle citing attacks in their districts on schools, governments, libraries and hospitals as key motivating factors in taking action.

  • Changing role of the board on cybersecurity

    While it is the network security team that is responsible for preventing such a breach, increasingly, the company’s board is being examined in such cases more often than before. So, how can the board be ready if such an unforeseen event unfolds and how the direction to take corrective measures can come right from the top?

    In our latest report we delve into the changing role of the board on cybersecurity to outline the following recommendations: [...]

  • They Told Their Therapists Everything. [Crackers] Leaked It All [iophk: Windows TCO]

    Vastaamo ran the largest network of private mental-health providers in Finland. In a country of just 5.5 million—about the same as the state of Minnesota—it was the “McDonald’s of psychotherapy,” one Finnish journalist told me. And because of that, the attack on the company rocked all of Finland. Around 30,000 people are believed to have received the ransom demand; some 25,000 reported it to the police. On October 29, a headline in the Helsinki Times read: “Vastaamo [Cracking] Could Turn Into Largest Criminal Case in Finnish History.” That prediction seems to have come true.

  • RTF Report: Combatting Ransomware

    2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.

  • Tesla Car [Cracked] Remotely From Drone via Zero-Click Exploit

    The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.

  • Kubestriker: A security auditing tool for Kubernetes clusters

    It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting of any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths (how hackers can advance their attacks by chaining misconfigured components in the Kubernetes cluster).

    “Kubernetes has become a popular open-source platform for containerized workflows and a key building block for modern technology infrastructure. According to Gartner, by 2025 more than 85% of global organizations will be running containerized applications in production. This widespread popularity and lack of solid security measures in place have made Kubernetes the perfect target for attackers,” Kubestriker’s creator Vasant Chinnipilli, a security architect and DevSecOps practitioner, told Help Net Security.

Tor and Mozilla Firefox

Filed under
Moz/FF
  • Check the status of Tor services with status.torproject.org

    The Tor Project now has a status page which shows the state of our major services.

    You can check status.torproject for news about major outages in Tor services, including v3 and v2 onion services, directory authorities, our website (torproject.org), and the check.torproject.org tool. The status page also displays outages related to Tor internal services, like our GitLab instance.

  • Firefox's slow takeover of the address bar's space

    In the current Firefox 88, and I believe in the next version as well (currently Firefox Beta), part of the address bar is a '...' menu for "Page actions". Through using the right button on items in this menu, or on the icons on the right side of the address bar, you can add or remove certain icons from the right side, things like the "Bookmark this page" star. If you start up a current Firefox Nightly, you will discover the three dots of the Page Actions menu are gone, as is your ability to remove any icons from the address bar, including both the "Bookmark this page" star and any that may be put there by some of your addons.

  • It's possible for Firefox to forget about:config preferences you've set

    Firefox has a user preferences system, exposed through its 'Settings' or 'Preferences' system (also known as about:preferences) and also through the more low-level configuration editor (aka about:config). As is mentioned there and covered in somewhat more detail in what information is in your profile, these configuration settings (and also your preferences settings) are stored in your profile's prefs.js file.

    You might think that once you manually set something in about:config, your setting will be in prefs.js for all time until you go back into about:config and change or reset it. However, there's a way that Firefox can quietly drop your setting. If you've set something in about:config and your setting later becomes Firefox's default, Firefox will normally omit your manual setting from your prefs.js at some point. For example, if you manually enable HTTP/3 by setting network.http.http3.enabled to true and then Firefox later makes enabling HTTP/3 the default (as it plans to), your prefs.js will wind up with no setting for it.

  • Mozilla Explains: What are deceptive design patterns?

    Deceptive design patterns are tricks used by websites and apps to get you to do things you might not otherwise do, like buy things, sign up for services or switch your settings. Another word used to describe deceptive design patterns is dark patterns*, which was originally coined in 2010 by user experience specialist Harry Brignall, drawing attention to this practice and building momentum around calling it out. Brignall regularly tweets some of the worst examples of deceptive designs online and hands out kudos for honest user experiences.

    Deceptive design patterns show up as tricky color schemes, frustrating mazes, sneaky designs and confusing language. Websites use these techniques to influence your behavior into a direction that benefits them more than it benefits you. Here are examples of deceptive or manipulative designs you might run into.

today's howtos

Filed under
HowTos
  • Beautiful 3D Print time-lapses with my Nikon D700 and Octolapse

    What I wanted was a stable and sharp timelapse of the entire process with high enough resolution to use in HD videos I produce for my YouTube channel.

    So how did I get it working with my old but trusty Nikon D700? Read on...

  • How to keep files and directories synchronized across different devices using syncthing on Linux

    Syncthing is defined as a continuous file synchronization program: it can be used to keep files and directories synchronized across different devices or “nodes”. The application uses TLS as encryption method, and it is, together with its protocol, free and open source software. When using Syncthing, our data remains on our device, and is transferred directly to the destination without relaying on a central server (peer to peer). In this tutorial we will see how to install, configure and use Syncthing on Linux.

  • The different types of modern (2021) SSH keys (and some opinions)

    Back in 2014 I wrote about what I knew about the then-current different types of SSH keys. Things have changed around a bit since then, so it's time for an update.

    Modern versions of SSH support three different types of public key cryptography for common use; RSA, ECDSA, and Ed25519. Both ECDSA and Ed25519 use elliptic curve cryptography, while RSA is based on integer factorization. SSH once supported DSA public key cryptography, but it has been deprecated since the 7.0 release of OpenSSH in 2017 (search for 'ssh-dss'). OpenSSH supports FIDO/U2F hardware authenticators with ECDSA and Ed25519 keys since OpenSSH 8.2, and supports SSH key certificates for all key types.

  • Stopping cron sending email alert for Linux/Unix jobs

    How do I to disable the email alert send by crontab? When my job is executed and the jobs cannot run normally it will sent an email to root. Why do I receive e-mails to my root account from cron? How can I prevent this? How can I disable email alert sent by cron jobs on a Linux or Unix-like systems?

    The crontab command is used to maintain crontab files for individual users. By default the output of a command or a script (if any produced), will be email to your local email account. To stop receiving email output from crontab you need to append following strings at the end of crontab entry.

Our future upgrade wave of Ubuntu 18.04 machines

Filed under
Ubuntu

Our future issue is that having a lot of 18.04 machines (some of them very critical ones) means that when Ubuntu 22.04 comes out next April, we'll have a lot of machines to upgrade in less than a year (since 18.04 will stop being supported at the end of April 2023). This is probably more unique machines than we've ever had to upgrade in one cycle, even if we assume that the machines users log in to are mostly simple to rebuild. Some of the machines, such as our fileservers, will take extensive testing all on their own.

Read more

Kernel Articles in LWN (Just Liberated From Paywall)

     

  • Some 5.12 development statistics

    By the time the 5.12 kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainline repository for this development cycle. That makes 5.12 the slowest development cycle since 5.6, which was released at the end of March 2020. Still, there was plenty of work done for 5.12. Read on for our traditional look at where that work came from and how it got into the kernel.

    Patches were contributed to 5.12 by 1,873 developers, 262 of whom were first-time contributors; those are typical numbers, especially given the (relatively) small size of this cycle. 

  •  

  • Preventing information leaks from ext4 filesystems

    A filesystem's role is to store information and retrieve it in its original form on request. But filesystems are also expected to prevent the retrieval of information by people who should not see it. That requirement extends to data that has been deleted; users expect that data to be truly gone and will not welcome its reappearance in surprising places. Some work being done with ext4 shows the kind of measures that are required to live up to that expectation.

    In early April, Leah Rumancik posted a two-patch series making a couple of small changes to the ext4 filesystem implementation. The first of those caused the filesystem to, after a file is deleted, overwrite the space (on disk) where that file's name was stored. In response to a question about why this was needed, ext4 maintainer Ted Ts'o explained that it was meant to deal with the case where users were storing personally identifiable information (PII) in the names of files. When a file of that nature is removed, the user would like to be sure that the PII is no longer stored on the disk; that means wiping out the file names as well.

  •  

  • Avoiding unintended connection failures with SO_REUSEPORT

    Many of us think that we operate busy web servers; LWN's server, for example, sweats hard when keeping up with the comment stream that accompanies any article mentioning the Rust programming language. But some organizations run truly busy servers and have to take some extraordinary measures to keep up with levels of traffic that even language advocates cannot create. The SO_REUSEPORT socket option is one of many features that have been added to the network stack to help these use cases. SO_REUSEPORT suffers from an implementation problem that can cause connections to fail, though. Kuniyuki Iwashima has posted a patch set addressing this problem, but there is some doubt as to whether it takes the right approach.

    In normal usage, only one process is allowed to bind to any given TCP port to accept incoming connections. On busy systems, that process can become a bottleneck, even if all it does is pass accepted connections off to other processes for handling. The SO_REUSEPORT socket option, which was added to the 3.9 kernel in 2013, was meant to address that bottleneck. This option allows multiple processes to accept connections on the same port; whenever a connection request comes in, the kernel will pick one of the listening processes as the recipient. Systems using SO_REUSEPORT can dispense with the dispatcher process, improving scalability overall.

    SO_REUSEPORT does its work when the initial SYN packet (the connection request) is received; at that time, a provisional new socket is created and assigned to one of the listening processes. The new connection will first wait for the handshake to complete, after which it will sit in a queue until the selected process calls accept() to accept the connection and begin the session. On busy servers, there may be a fair number of connections awaiting acceptance; the maximum length of that queue is specified with the listen() system call.

  •  

  • Toward signed BPF programs

    The kernel's BPF virtual machine is versatile; it is possible to load BPF programs into the kernel to carry out a large (and growing) set of tasks. The growing body of BPF code can reasonably be thought of as kernel code in its own right. But, while the kernel can check signatures on loadable modules and prevent the loading of modules that are not properly signed, there is no such mechanism for BPF programs; any sufficiently privileged process can load any program that will pass the verifier. One might think that adding this checking for BPF would be straightforward, but that subsystem has some unique characteristics that make things more challenging than one might expect. There may be a solution in the works, though; fittingly, it works by loading yet another BPF program.

    Loadable kernel modules are stored as executable images in the ELF format. When one is loaded, the kernel parses that format and does the work needed to enable the module to run within the kernel; this work includes allocating memory for variables, performing relocations, resolving symbols, and more. All of the necessary information exists within the ELF file. Applying a signature to that file is simply a matter of checksumming the relevant sections and signing the result.

    BPF programs have similar needs, but the organization of the requisite information is a bit more, for lack of a better word, messy. The code itself is compiled as an executable section that is then linked into a loader program that runs in user space and invokes the bpf() system call to load the BPF program into memory. But BPF programs, too, need to have data areas allocated in the form of BPF maps, and they need relocations (of a sort) applied to be able to cope with different structure layouts on different systems. The necessary maps are "declared" as special ELF sections in the loader program; the libbpf library finds those sections and turns them into more bpf() calls. The BPF program itself is then modified (before loading into the kernel) so that it can find its maps when it runs.

    This structure poses a challenge for anybody wanting to implement signed BPF programs. The maps are a part of the program itself; if they are not established as intended, a BPF program might misbehave in interesting ways. But the kernel has no way to enforce any specific map configuration, and thus cannot ensure that a signed BPF program has been properly set up. Additionally, the need to modify the BPF program itself will break signature verification; after all, modifications to BPF programs are just the sort of thing this mechanism is expected to prevent. So, somehow, the kernel has to take a more active role in the loading of BPF programs.

Z-Pi 7 Z-Wave gateway devkit works with Raspberry Pi and Orange Pi Zero boards

Filed under
Hardware

WiFi & Bluetooth are the most popular wireless protocols for home automation, alternatives like Zigbee and Z-wave have also been widely adopted, at least in some countries.

And if you are interested in the latter, Aeotec has just introduced the Z-Pi 7 gateway development kit that lets you add Z-Wave connectivity to Raspberry Pi boards or Orange Pi Zero SBC with an expansion board connected over UART through the GPIO header.

Read more

Ubuntu Touch OTA-17 Arrives May 12 with NFC Support, Available for Testing Now

Filed under
Ubuntu

Ubuntu Touch OTA-17 is the next major software update for Ubuntu Phone devices, promising support for NFC hardware on various devices, including the Google Pixel 3a and Volla Phone. Besides the obvious benefits, NFC support will also enable developers to add the ability to read or write NFC tags in their apps.

While UBports devs continue their transition for Ubuntu Touch to the Ubuntu 20.04 LTS (Focal Fossa) base, they added various enhancements to the Ubuntu Touch OTA-17 release. Among these, improved battery life and notifications for the Google Pixel 3a phone, a Macedonian keyboard layout, and automatic screen brightness on the Volla Phone.

Read more

Syndicate content

More in Tux Machines

Today in Techrights

today's howtos

  • Hans de Goede: Changing hidden/locked BIOS settings under Linux

    This all started with a Mele PCG09 before testing Linux on this I took a quick look under Windows and the device-manager there showed an exclamation mark next to a Realtek 8723BS bluetooth device, so BT did not work. Under Linux I quickly found out why, the device actually uses a Broadcom Wifi/BT chipset attached over SDIO/an UART for the Wifi resp. BT parts. The UART connected BT part was described in the ACPI tables with a HID (Hardware-ID) of "OBDA8723", not good. Now I could have easily fixed this with an extra initrd with DSDT-overrride but that did not feel right. There was an option in the BIOS which actually controls what HID gets advertised for the Wifi/BT named "WIFI" which was set to "RTL8723" which obviously is wrong, but that option was grayed out. So instead of going for the DSDT-override I really want to be able to change that BIOS option and set it to the right value. Some duckduckgo-ing found this blogpost on changing locked BIOS settings.

  • Test Day:2021-05-09 Kernel 5.12.2 on Fedora 34

    All logs report PASSED for each test done and uploaded as prompted at instruction page.

  • James Hunt: Can you handle an argument?

    This post explores some of the darker corners of command-line parsing that some may be unaware of. [...] No, I’m not questioning your debating skills, I’m referring to parsing command-lines! Parsing command-line option is something most programmers need to deal with at some point. Every language of note provides some sort of facility for handling command-line options. All a programmer needs to do is skim read the docs or grab the sample code, tweak to taste, et voila! But is it that simple? Do you really understand what is going on? I would suggest that most programmers really don’t think that much about it. Handling the parsing of command-line options is just something you bolt on to your codebase. And then you move onto the more interesting stuff. Yes, it really does tend to be that easy and everything just works… most of the time. Most? I hit an interesting issue recently which expanded in scope somewhat. It might raise an eyebrow for some or be a minor bomb-shell for others.

  • 10 Very Stupid Linux Commands [ Some Of Them Deadly ]

    If you are reading this page then you are like all of us a Linux fan, also you are using the command line every day and absolutely love Linux. But even in love and marriage there are things that make you just a little bit annoyed. Here in this article we are going to show you some of the most stupid Linux commands that a person can find.

China Is Launching A New Alternative To Google Summer of Code, Outreachy

The Institute of Software Chinese Academy of Sciences (ISCAS) in cooperation with the Chinese openEuler Linux distribution have been working on their own project akin to Google Summer of Code and Outreachy for paying university-aged students to become involved in open-source software development. "Summer 2021" as the initiative is simply called or "Summer 2021 of Open Source Promotion Plan" is providing university-aged students around the world funding by the Institute of Software Chinese Academy of Sciences to work on community open-source projects. It's just like Google Summer of Code but with offering different funding levels based upon the complexity of the project -- funding options are 12000 RMB, 9000 RMB, or 6000 RMB. That's roughly $932 to $1,865 USD for students to devote their summer to working on open-source. There are not any gender/nationality restrictions with this initative but students must be at least eighteen years old. Read more

Kernel: Linux 5.10 and Linux 5.13

  • Linux 5.10 LTS Will Be Maintained Through End Of Year 2026 - Phoronix

    Linux 5.10 as the latest Long Term Support release when announced was only going to be maintained until the end of 2022 but following enough companies stepping up to help with testing, Linux 5.10 LTS will now be maintained until the end of year 2026. Linux 5.10 LTS was originally just going to be maintained until the end of next year while prior kernels like Linux 5.4 LTS are being maintained until 2024 or even Linux 4.19 LTS and 4.14 LTS going into 2024. Linux 5.10 LTS was short to begin with due to the limited number of developers/organizations helping to test new point release candidates and/or committing resources to using this kernel LTS series. But now there are enough participants committing to it that Greg Kroah-Hartman confirmed he along with Sasha Levin will maintain the kernel through December 2026.

  • Oracle Continues Working On The Maple Tree For The Linux Kernel

    Oracle engineers have continued working on the "Maple Tree" data structure for the Linux kernel as an RCU-safe, range-based B-tree designed to make efficient use of modern processor caches. Sent out last year was the RFC patch series of Maple Tree for the Linux kernel to introduce this new data structure and make initial use of it. Sent out last week was the latest 94 patches in a post-RFC state for introducing this data structure.

  • Linux 5.13 Brings Simplified Retpolines Handling - Phoronix

    In addition to work like Linux 5.13 addressing some network overhead caused by Retpolines, this next kernel's return trampoline implementation itself is seeing a simplification. Merged as part of x86/core last week for the Linux 5.13 kernel were enabling PPIN support for Xeon Sapphire Rapids, KProbes improvements, and other minor changes plus simplifying the Retpolines implementation used by some CPUs as part of the Spectre V2 mitigations. The x86/core pull request for Linux 5.13 also re-sorts and better documents Intel's increasingly long list of different CPU cores/models.

  • Linux 5.13 Adds Support For SPI NOR One-Time Programmable Memory Regions - Phoronix

    The Linux 5.13 kernel has initial support for dealing with SPI one-time programmable (OTP) flash memory regions. Linux 5.13 adds the new MTD OTP functions for accessing SPI one-time programmable data. The OTP are memory regions intended to be programmed once and can be used for permanent secure identification, immutable properties, and similar purposes. In addition to adding the core infrastructure support for OTP to the MTD SPI-NOR code in Linux 5.13, the functionality is wired up for Winbond and similar flash memory chips. The MTD subsystem has already supported OTP areas but not for SPI-NOR flash memory.