Language Selection

English French German Italian Portuguese Spanish

SUSE

Servers: Red Hat, SUSE and Storj

Filed under
Red Hat
SUSE
  • Red Hat CEO Says Acquisition by IBM Will Help Spur More Open-Source Innovation

    International Business Machines Corp.’s recent acquisition of Red Hat Inc. is aimed squarely at building up its cloud business—in part by making it easier for IBM customers to use competing cloud services.

    Red Hat’s open-source software enables chief information officers and other enterprise IT managers to run applications both within their own data centers and across a range of third-party providers, from IBM’s own cloud to Amazon.com Inc. ’s AWS, Microsoft Corp ’s Azure, or any other tech company that rents computer software and systems to businesses online.

  • Best Practices in Deploying SUSE CaaS Platform

    SUSE CaaS Platform is an enterprise class container management solution that enables IT and DevOps professionals to more easily deploy, manage, and scale container-based applications and services. It includes Kubernetes to automate lifecycle management of modern applications, and surrounding technologies that enrich Kubernetes and make the platform itself easy to operate.

  • Storj Opens Its Decentralized Storage Service Project to Beta

    Storj Labs has released the beta of its open source namesake decentralized cloud object storage software alongside opening up beta access to its own implementation of that software with its decentralized cloud storage service Tardigrade. In an interview with The New Stack, Storj Labs Executive Chairman and Interim CEO Ben Golub explained that Storj follows in the footsteps of other household name tech companies that allow its members to profit by “sharing” their resources — in this case, their spare storage space.

MariaDB, VLC, Plopper, Apache Packages Update in Tumbleweed

Filed under
SUSE

There have been three openSUSE Tumbleweed snapshots released this week.

The snapshots brought new versions of VLC, Apache, Plopper and an update of the Linux Kernel.

Snapshot 20190824 delivered a fix that was made to the swirl option, which produced an unexpected result, with the update of ImageMagick’s 7.0.8.61 version. Improved adaptive streaming and a fix for stuttering for low framerate videos became available in VLC 3.0.8; 13 issues, including 5 buffer overflows we fixed and 11 Common Vulnerabilities and Exposures were assigned and addressed in the media player version. More than a handful of CVEs were addressed with the apache2 2.4.41 update. One of the CVEs addressed was that of a malicious client that could perform a Denial of Services attack by flooding a connection with requests and basically never reading responses on the TCP connection. The new version also improves the balancer-manager protection against XSS/XSRF attacks from trusted users. The x86 emulation library fixed a compiler warning in the 2.4 version and the X11 RandR utility updated the geometry text file configure.ac for gitlab migration with the xrandr 1.5.1 version. The snapshot is trending at a rating of 86, according to the Tumbleweed snapshot reviewer.

Read more

Finally, I Can Make Multiboot USB of openSUSE from Ubuntu

Filed under
SUSE
Ubuntu
HowTos

As you may know, my multiboot making tools were MultiSystem (since 2015), then Sundar's MultiBootUSB (2018), and recently GLIM (2019), but they all cannot work for openSUSE. Thanks to Aguslr, his program Multiboot USB (not to be confused with MultiBootUSB above) solved this problem for me! This means up to today I never managed to make openSUSE multiboot in a USB while I always managed to make other GNU/Linux distros work successfully such as Ubuntu family, Mint, Trisquel, Debian Regular, Elementary, even Fedora. In this article, I just report my success in making openSUSE Leap 15.1 multibootable USB and then installing it on a laptop. However, this article is just my report and I planned to publish tutorial on this Aguslr's Multiboot USB as soon as possible. Anyway, go ahead and happy working!

Read more

Servers: Ampere Computing, SUSE and Red Hat

Filed under
Red Hat
Server
SUSE
  • Ampere Computing Is Keeping Close Track Of The Linux Performance For Their ARM Servers

    Hardware vendor Ampere Computing with their impressive ARM servers is doing a great job on closely following their hardware's Linux performance as part of a rigorous continuous testing regiment or ensuring quality, compatibility, and stability while being fully-automated.

    Ampere Computing's Travis Lazar talked at this week's Linux Foundation events in San Diego over the importance of continuous regression testing for software and hardware development by talking about their internal workflow and software in place. Their internal system is the "Totally Automated Regression System" or TARS for short. TARS makes use of various open-source components including the Phoronix Test Suite and its vast collection of benchmarks for providing comprehensive test coverage plus Ampere's own "extensions" to the Phoronix Test Suite. TARS also incorporates the provisioning/configuration responsibilities as well as analysis of the data.

  • [SUSE] Learn how the Multimodal OS can benefit your organization.
  • From ProdOps to DevOps: Surviving and thriving

    For many of us in Production Operations (ProdOps), change is the enemy. If something changes, there is now an opportunity for things that were working just fine to experience problems. It is like a game of Jenga. When will the tower fall because a seemingly minor change unbalances the whole stack of pieces? ProdOps teams hate change so much, that countless frameworks have been invented to "manage" changes; in reality, these frameworks make the procedure for effecting a change so onerous that most people give up and accept the status quo.

    Actually, that statement is a bit unfair. These frameworks are an attempt to wrap planning and consensus around production changes, thus minimizing potential downtime caused by random or rogue changes (see Why the lone wolf mentality is a sysadmin mistake).

  • Meet Red Hat at VMworld

    As Red Hat’s Ashesh Badani said in his blog post about the reference architecture for OpenShift on VMware’s SDDC stack “… this is just the first step — Red Hat OpenShift 4 brings optimized installation capabilities to a variety of infrastructures and for this, the companies are working towards a VMware Validated Design. We are excited that VMware is working closely with Red Hat to deliver a simplified experience there in the coming months.”

Xfce, A Model GTK Based Desktop | Late Summer Blathering

Filed under
GNU
Linux
SUSE

n full disclosure, Plasma is my Desktop Environment of choice, it is very easy to customize and to make my own with very little effort. As of late, there isn’t a whole lot of customizing I do, it’s all pretty minor. A couple tweaks to the the visuals, make it dark, change some sound effects to make it more Star Trek The Next Generation, add a couple Plasmoids and set up KDE Connect. Then I am ready to go.

Since KDE 3 and later Plasma, each release adds and refines existing features, all of which seems as though they are doing so in a sustainable fashion. New releases of Plasma are always met with excitement and anticipation. I can count on new features and refinements and an overall better experience. I didn’t look anywhere else but then, Xfce wondered into my world and although slow to change has become that desktop too. Historically, Xfce has been [for me] just there, nothing particularly exciting. It has held the spot of a necessary, minimal viable desktop… but not anymore.

Read more

Xfce 4.14 Lands in Tumbleweed

Filed under
GNU
Linux
SUSE

Ahoy! openSUSE Xfce team is pleased to announce that the long awaited Xfce 4.14 has been released for Tumbleweed.

After a long development cycle (4 years!), all of the core components and applications have been ported to GTK 3.

Among the main new features and improvements, the xfwm4 window manager has finally gained support for VSync, HiDPI, hardware GLX and various compositor improvements.

You can check out the neat new features in the official Xfce 4.14 tour and the official release announcement.

Read more

Richard Brown: Changing of the Guard

Filed under
SUSE

After six years on the openSUSE Board and five as its Chairperson, I have decided to step down as Chair of the openSUSE Board effective today, August 19.

This has been a very difficult decision for me to make, with reasons that are diverse, interlinked, and personal. Some of the key factors that led me to make this step include the time required to do the job properly, and the length of time I’ve served. Five years is more than twice as long as any of my predecessors. The time required to do the role properly has increased and I now find it impossible to balance the demands of the role with the requirements of my primary role as a developer in SUSE, and with what I wish to achieve outside of work and community. As difficult as it is to step back from something I’ve enjoyed doing for so long, I am looking forward to achieving a better balance between work, community, and life in general.

Serving as member and chair of the openSUSE Board has been an absolute pleasure and highly rewarding. Meeting and communicating with members of the project as well as championing the cause of openSUSE has been a joyous part of my life that I know I will miss going forward.

openSUSE won’t get rid of me entirely. While I do intend to step back from any governance topics, I will still be working at SUSE in the Future Technology Team. Following SUSE’s Open Source policy, we do a lot in openSUSE. I am especially looking forward to being able to focus on Kubic & MicroOS much more than I have been lately.

As I’m sure it’s likely to be a question, I wish to make it crystal clear that my decision has nothing to do with the Board’s ongoing efforts to form an independent openSUSE Foundation.

The Board’s decision to form a Foundation had my complete backing as Chairperson, and will continue to have as a regular openSUSE contributor. I have absolute confidence in the openSUSE Board; Indeed, I don’t think I would be able to make this decision at this time if I wasn’t certain that I was leaving openSUSE in good hands.

On that note, SUSE has appointed Gerald Pfeifer as my replacement as Chair. Gerald is SUSE’s EMEA-based CTO, with a long history as a Tumbleweed user, an active openSUSE Member, and upstream contributor/maintainer in projects like GCC and Wine.

Read more

Kata Containers Packages are Available officially in openSUSE Tumbleweed

Filed under
SUSE

Kata Containers is an open source container runtime that is crafted to seamlessly plug into the containers ecosystem.

We are now excited to announce that the Kata Containers packages are finally available in the official openSUSE Tumbleweed repository.

It is worthwhile to spend few words explaining why this is a great news, considering the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the containers ecosystem, and given its importance for openSUSE and Kubic.

Read more

SUSE: Uyuni, openSUSE and Tumbleweed

Filed under
SUSE
  • openSUSE News: New 4.0.2 Version of Uyuni is Released

    Contributors of Uyuni Project have released a new version of Uyuni 4.0.2, which is an open-source infrastructure management solution tailored for software-defined infrastructure.

    Uyuni, a fork of the Spacewalk project, modernizing Spacewalk with SaltStack, provides more operating systems support and better scalability capabilities. Uyuni is now the upstream for SUSE Manager.

    With this release, Uyuni provides powerful new features such as monitoring, content lifecycle management and virtual machine management.

  • openSUSE Tumbleweed ? Review of the weeks 2019/31 & 32

    As you certainly know, there are more snapshots tested than we release in the end. In the last two weeks, for example, we tested 9 snapshots. Of those, only 4 made it to the mirrors and to you ? the users. During the last two weeks, these were snapshots 0726, 0730, 0805 and 0806.

  • Communities in the distrowatch.org top 20

    Only well-funded corporate sponsored Linux distributions (Fedora, Ubuntu, OpenSUSE) have all categories checked. That doesn’t mean that anyone is getting paid. I believe this means that employees are probably the chief contributors and that means there are more people putting in resources to help.

    Some distributions are “Pat’s distribution”. Pat’s group owns it and Pat doesn’t want a steering committee or any other say in how the distro works. Though contributions by means of bug reports may be accepted.

    A few distributions “outsource” resources to other distributions. Elementary allows Stack Exchange to provide their forum. Parrot Linux refers users to the Debian wiki. Mint suggests that you put in bug reports with the upstream provider unless it is a specific Mint create application.

    There are a few Linux distributions that leave me scratching my head. How is this in the top 20 distros on distrowatch? There’s nothing here and the forum, if there is one, is nearly empty. Who uses this?

  • Vagrant Boxes with openSUSE Tumbleweed – Check it Out!

    As part of the SUSE Developer Engagement, we recently kicked off the activity to automatically produce and validate Vagrant boxes for the openSUSE Tumbleweed distribution. The creation of Vagrant boxes for SUSE Linux Enterprise Server is currently work in progress. We will update you as soon as they are available for consumption.
    But for now, we are happy to announce that the infrastructure to automatically build, version and validate Vagrant box images is ready to use – and we are already producing Vagrant boxes for libvirt and Virtualbox – for openSUSE Tumbleweed.

Servers, SUSE, Red Hat and Fedora

Filed under
GNU
Linux
Red Hat
Server
SUSE
  • My Favorite Infrastructure

    PCI policy pays a lot of attention to systems that manage sensitive cardholder data. These systems are labeled as "in scope", which means they must comply with PCI-DSS standards. This scope extends to systems that interact with these sensitive systems, and there is a strong emphasis on compartmentation—separating and isolating the systems that are in scope from the rest of the systems, so you can put tight controls on their network access, including which administrators can access them and how.

    Our architecture started with a strict separation between development and production environments. In a traditional data center, you might accomplish this by using separate physical network and server equipment (or using abstractions to virtualize the separation). In the case of cloud providers, one of the easiest, safest and most portable ways to do it is by using completely separate accounts for each environment. In this way, there's no risk that a misconfiguration would expose production to development, and it has a side benefit of making it easy to calculate how much each environment is costing you per month.

    When it came to the actual server architecture, we divided servers into individual roles and gave them generic role-based names. We then took advantage of the Virtual Private Cloud feature in Amazon Web Services to isolate each of these roles into its own subnet, so we could isolate each type of server from others and tightly control access between them.

    By default, Virtual Private Cloud servers are either in the DMZ and have public IP addresses, or they have only internal addresses. We opted to put as few servers as possible in the DMZ, so most servers in the environment only had a private IP address. We intentionally did not set up a gateway server that routed all of these servers' traffic to the internet—their isolation from the internet was a feature!

    Of course, some internal servers did need some internet access. For those servers, it was only to talk to a small number of external web services. We set up a series of HTTP proxies in the DMZ that handled different use cases and had strict whitelists in place. That way we could restrict internet access from outside the host itself to just the sites it needed, while also not having to worry about collecting lists of IP blocks for a particular service (particularly challenging these days since everyone uses cloud servers).

    [...]

    Although I covered a lot of ground in this infrastructure write-up, I still covered only a lot of the higher-level details. For instance, deploying a fault-tolerant, scalable Postgres database could be an article all by itself. I also didn't talk much about the extensive documentation I wrote that, much like my articles in Linux Journal, walks the reader through how to use all of these tools we built.

    As I mentioned at the beginning of this article, this is only an example of an infrastructure design that I found worked well for me with my constraints. Your constraints might be different and might lead to a different design. The goal here is to provide you with one successful approach, so you might be inspired to adapt it to your own needs.

  • A Blunt Reminder About Security for Embedded Computing

    The ICS Advisory (ICSA-19-211-01) released on July 30th by the Cybersecurity and Infrastructure Security Agency (CISA) is chilling to read. According to the documentation, VxWorks is “exploitable remotely” and requires “low skill level to exploit.” Elaborating further, CISA risk assessment concludes, “Successful exploitation of these vulnerabilities could allow remote code execution.”
    The potential consequences of this security breech are astounding to measure, particularly when I look back on my own personal experiences in this space, and now as an Account Executive for Embedded Systems here at SUSE.

    [...]

    At the time, VxWorks was the standard go-to OS in the majority of the embedded production platforms I worked with. It was an ideal way to replace the legacy stove-piped platforms with an Open Architecture (OA) COTS solution. In light of the recent CISA warning, however, it is concerning to know that many of those affected systems processed highly-classified intelligence data at home and abroad.

  • Red Hat Recognized as a Leader by Independent Research Firm in Infrastructure Automation Platforms Evaluation [Ed: Forrester is not “Independent Research Firm”; It’s taking bribes to lie.]
  • Why Red Hat can take over the cloud sooner than you think
  • Red Hat Enterprise Linux 7.7: Final Full Support Update
  • Transport Layer Security version 1.3 in Red Hat Enterprise Linux 8

    TLS 1.3 is the sixth iteration of the Secure Sockets Layer (SSL) protocol. Originally designed by Netscape in the mid-1990’s to serve the purposes of online shopping, it quickly became the primary security protocol of the Internet. Now not limited just to web browsing, among other things, it secures email transfers, database accesses or business to business communication.

    Because it had its roots in the early days of public cryptography, when public knowledge about securely designing cryptographic protocols was limited, the first two iterations: SSLv2 and SSLv3 are now quite thoroughly broken. The next two iterations, TLS 1.0 and TLS 1.1 depend on the security of Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1).

  • Cute Qt applications in Fedora Workstation

    Fedora Workstation is all about Gnome and it has been since the beginning, but that doesn’t mean we don’t care about Qt applications, the opposite is true. Many users use Qt applications, even on Gnome, mainly because many KDE/Qt applications don’t have adequate replacement written in Gtk or they are just used to them and don’t really have reason to switch to another one.

    For Qt integration, there is some sort of Gnome support in Qt itself, which includes a platform theme reading Gnome configuration, like fonts and icons. This platform theme also provides native file dialogs, but don’t expect native look of Qt applications. There used to be a gtk2 style, which used gtk calls directly to render natively looking Qt widgets, but it was moved from qtbase to qt5-styleplugins, because it cannot be used today in combination with gtk3.

    For reasons mentioned above, we have been working on a Qt style to make Qt applications look natively in Gnome. This style is named adwaita-qt and from the name you can guess that it makes Qt applications look like Gtk applications with Adwaita style. Adwaita-qt is actually not a new project, it’s been there for years and it was developed by Martin Bříza. Unfortunately, Martin left Red Hat long time ago and since then a new version of Gnome’s Adwaita was released, completely changing colors and made the Adwaita theme look more modern. Being the one who takes care of these things nowadays, I started slowly updating adwaita-qt to make it look like the current Gnome Adwaita theme and voilà, a new version was released after 3 months of intermittent work.

  • Fedora Community Blog: Friday with Infra

    Friday with Infra is a new event done by CPE (Community Platform Engineering) Team, that will help potential contributors to start working on some of the applications we maintain. During this event members of the CPE team will help you to start working on those applications and help you with any issue you may encounter. At the end of this event you should be able to maintain the application by yourself.

Syndicate content

More in Tux Machines

Apache Rya matures open source triple store database

The open source Apache Rya database effort is continuing to move forward as it reaches a new level of project maturity and acceptance. Rya (pronounced "ree-uh") is an RDF (resource description framework) triple store database. The project started at the U.S. government's Laboratory for Telecommunication Sciences with an initial research paper published in 2012. The project joined the Apache Software Foundation (ASF) in 2015 as an incubated project, and in September 2019 achieved what is known as Top-Level Project status. The Top-Level status is an indication and validation of the project's maturity, code quality and community. The ASF is home to Hadoop, Spark and other widely used database and data management programs. Read more Also: Yahoo Groups is being prepared for shutdown, with all stored archives to be deleted on Dec 14

The Spectre Mitigation Impact For Intel Ice Lake With Core i7-1065G7

For those wondering if -- or how much -- of a performance impact mitigations still make regarding Spectre for Intel's long-awaited 10nm+ Ice Lake processors, here is the rundown on the mitigation state and the performance impact. One of the areas that Phoronix readers have requested testing on with the recent purchase of the Dell XPS 7390 with Core i7 1065G7 is regarding the mitigation state and performance. Ice Lake with its Sunny Cove microarchitecture -- similar to Cascade Lake -- is no longer affected by Meltdown, MDS, or L1TF / Foreshadow. Read more

Networking SBCs run Linux on quad -A53 and -A72 NXP LS chips

Forlinx’s sandwich-style OK1043A-C and OK1046A SBCs run Linux on NXP’s quad -A53 LS1043A and quad -A72 LS1046A SoCs, respectively, and offer a 10GbE port and up to 6x GbE ports with optional SFP. Forlinx has posted product pages for two similar COM Express modules and carrier boards that run Linux on NXP’s networking focused LS series processors. The FET1043A-C module taps the up to 1.6GHz, quad-core, Cortex-A53 LS1043A while the FET1046A-C uses the up to 1.8GHz, quad-core, Cortex-A72 LS1046A. All the processors are headless — without GPUs. Read more

Security: WireGuard, Birds and Updates

  • WireGuard Restored In Android's Google Play Store After Brief But Controversial Removal

    After Google dropped the open-source WireGuard app from their Play Store since it contained a donation link, the app has now been restored within Google's software store for Android users but without the donation option. The WireGuard app for Android makes it easy to setup the secure VPN tunnel software on mobile devices, similar to its port to iOS and other platforms. The WireGuard apps are free but have included a donation link to the WireGuard website should anyone wish to optionally make a donation to support the development of this very promising network tech.

  • Letting Birds scooters fly free

    At that point I had everything I need to write a simple app to unlock the scooters, and it worked! For about 2 minutes, at which point the network would notice that the scooter was unlocked when it should be locked and sent a lock command to force disable the scooter again. Ah well. So, what else could I do? The next thing I tried was just modifying some STM firmware and flashing it onto a board. It still booted, indicating that there was no sort of verified boot process. Remember what I mentioned about the throttle being hooked through the STM32's analogue to digital converters[3]? A bit of hacking later and I had a board that would appear to work normally, but about a minute after starting the ride would cut the throttle. Alternative options are left as an exercise for the reader. Finally, there was the component I hadn't really looked at yet. The Quectel modem actually contains its own application processor that runs Linux, making it significantly more powerful than any of the chips actually running the scooter application[4]. The STM communicates with the modem over serial, sending it an AT command asking it to make an SSL connection to a remote endpoint. It then uses further AT commands to send data over this SSL connection, allowing it to talk to the internet without having any sort of IP stack. Figuring out just what was going over this connection was made slightly difficult by virtue of all the debug functionality having been ripped out of the STM's firmware, so in the end I took a more brute force approach - I identified the address of the function that sends data to the modem, hooked up OpenOCD to the SWD pins on the STM, ran OpenOCD's gdb stub, attached gdb, set a breakpoint for that function and then dumped the arguments being passed to that function. A couple of minutes later and I had a full transaction between the scooter and the remote. The scooter authenticates against the remote endpoint by sending its serial number and IMEI. You need to send both, but the IMEI didn't seem to need to be associated with the serial number at all. New connections seemed to take precedence over existing connections, so it would be simple to just pretend to be every scooter and hijack all the connections, resulting in scooter unlock commands being sent to you rather than to the scooter or allowing someone to send fake GPS data and make it impossible for users to find scooters.

  • Security updates for Friday

    Security updates have been issued by Debian (poppler, sudo, and wordpress), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and kernel), and SUSE (kernel and postgresql10).