Category: Linux Journal – The Original Magazine of the Linux Community

Canonical Announces Extended Security Maintena…

Canonical Announces Extended Security Maintenance for Ubuntu 14.04 LTS, Mozilla to Discuss the Future of Advertising at ICDPPC, Newegg Attacked, MetaCase Launches MetaEdit+ 5.5 and MariaDB Acquires Clustrix:

News briefs for September 20, 2018.

Canonical
yesterday announced the Extended Security Maintenance for Ubuntu
14.04 LTS “Trusty Tahr”
, which means critical and important security patches
will be available beyond the Ubuntu 14.04 end-of-life date (April 2019).

Mozilla to hold a high-level panel discussion on “the future of advertising in
an open and sustainable internet ecosystem”
at the 40th annual International Conference of Data
Protection and Privacy Conference
in Brussels,
Belgium October 22–26, 2018. The discussion is titled “Online
advertising is broken: Can ethics fix it?”, and it’s scheduled for October
23, 2018.

Attackers stole credit-card information from Newegg by injecting 15 lines
of skimming code on the online payments page, which remained undetected from
August 14th to September 18, 2018, TechCrunch
reports
. Yonathan Klijnsma, threat researcher at RiskIQ, told TechCrunch
that “These attacks are not confined to certain geolocations or specific
industries—any organization that processes payments online is a
target.” If you entered your credit-card data during that period, contact
your bank immediately.

MetaCase this morning announced the launch of MetaEdit+ 5.5 for Linux, which brings
collaborated models to Git and other version control systems. It’s
“aimed at expert developers looking to gain productivity and quality by
generating tight code directly from domain-specific models”.
You can
download a free trial from here.

MariaDB has acquired Clustrix, the
“pioneer in distributed database technology”. According to the press release,
this acquisition gives “MariaDB’s open source
database the scalability and high-availability that rivals or exceeds Oracle
and Amazon while foregoing the need for expensive computing platforms or high
licensing fees.”

via Linux Journal – The Original Magazine of the Linux Community

Investigating Some Unexpected Bash coproc Beha…

Investigating Some Unexpected Bash coproc Behavior:

Recently while refreshing my memory on the use of Bash’s coproc feature,
I came across a reference to a pitfall that described what I thought was
some quite unexpected behavior.
This post describes my quick investigation of the pitfall and suggests a workaround
(although I don’t really recommend using it).

via Linux Journal – The Original Magazine of the Linux Community

Ampere eMAG for Hyperscale Cloud Computing Now…

Ampere eMAG for Hyperscale Cloud Computing Now Available, LLVM 7.0.0 Released, AsparaDB RDS for MariaDB TX Announced, New Xbash Malware Discovered and Kong 1.0 Launched:

News briefs for September 19, 2018.

Ampere,
in partnership with Lenovo, announced availability of the Ampere eMAG for
hyperscale cloud computing. The first-generation Armv8-A 64-bit processors
provide “high-performance compute, high memory capacity, and rich I/O to
address cloud workloads including big data, web tier and in-memory
databases”. Pricing is 32 cores at up to 3.3GHz Turbo for $850 or
16 cores at up to 3.3GHz Turbo for $550.

LLVM 7.0.0 is out. This release is the result of six months of work by the
community and includes “function multiversioning in Clang
with the ‘target’ attribute for ELF-based x86/x86_64 targets, improved
PCH support in clang-cl, preliminary DWARF v5 support, basic support
for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
support for OpenBSD, UBSan checks for implicit conversions, many
long-tail compatibility issues fixed in lld which is now production
ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
diagtool.” See the release
notes
for details, and go here to
download.

Alibaba Cloud and MariaDB announce AsparaDB RDS for MariaDB TX, which is “the
first public cloud to incorporate the enterprise version of MariaDB
and provide customer support directly from the two companies. ApsaraDB RDS
for MariaDB TX provides Alibaba Cloud customers the latest database
innovations and most secure enterprise solution for mission-critical
transactional workloads.” See the press
release
for more information.

Unit 42 researchers have discovered a new malware family called
Xbash, which they have connected to the Iron Group, that targets Linux and
Microsoft Windows severs. Besides ransomware and coin-mining capabilities, “Xbash also has
self-propagating capabilities (meaning it has worm-like characteristics
similar to WannaCry or Petya/NotPetya). It also has capabilities not
currently implemented that, when implemented, could enable it to spread very
quickly within an organizations’ network (again, much like WannaCry or
Petya/NotPetya).” See the Palo
Alto Networks post
for more details on the attack and how to protect your
servers.

Kong Inc. yesterday announced the launch of Kong 1.0, the “only open-source
API purpose built for microservices, cloud native and server less
architectures”.
According to the
press
release
, Kong 1.0 is feature-complete: “it combines sub-millisecond low latency, linear scalability and unparalleled
flexibility with a robust feature set, support for service mesh patterns,
Kubernetes Ingress controller and backward compatibility between versions.”
See also the Kong
GitHub page
.

via Linux Journal – The Original Magazine of the Linux Community

Endless OS and Asus, Update on L1TF Exploit, F…

Endless OS and Asus, Update on L1TF Exploit, Free Red Hat DevConf.US in Boston, Linux 4.19 Kernel Update:

Some of us may recall a time when ASUS used to ship a stripped down version of Xandros Linux with their line of Eee PC netbooks. Last week, the same company announced that Endless OS will be supporting non-OS offerings of their product. However it comes with a big disclaimer stating that ASUS will not officially support the operating system’s compatibility issues.

The latest update on the L1TF exploit: the 4.18, 4.17, 4.14, 4.9 and 4.4 Linux kernels have all been updated to mitigate the vulnerability.

From today to Sunday, August 19, Red Hat is hosting their first free and annual DevConf.US developer summit in Boston. If you are interested in attending or wish to learn more, details can be found here.

Many updates and features are finding their way into the Linux 4.19 kernel; features that include better CPU power management. Also included are NVM block device, file system, video code enhancements and more.

Image removed.

via Linux Journal – The Original Magazine of the Linux Community

The Chromebook Grows Up

The Chromebook Grows Up:

pixelbook

Android apps meet the desktop in the Chromebook.

What started out as a project to provide a cheap, functional, secure
and fast laptop experience has become so much more. Chromebooks in general
have suffered from a lack of street-cred acceptance. Yes, they did a
great job of doing the everyday basics—web browsing and…well, that
was about it. Today, with the integration of Android apps, all new and
recently built Chrome OS devices do much more offline—nearly as much
as a conventional laptop or desktop, be it video editing, photo editing
or a way to switch to a Linux desktop for developers or those who just
like to do that sort of thing.

Figure 1. Pixelbook in the Dark

Before I go further, let me briefly describe the Linux road I’ve
traveled, driven by my curiosity to learn and see for myself how much
could be done in an Open Source world. I’ve used Linux and have been
a Linux enthusiast ever since I first loaded SUSE in 2003. About three
years later, I switched to Ubuntu, then Xubuntu, then Lubuntu, then
back to Ubuntu (I actually liked Unity, even though I was fine with
GNOME too). I have dual-booted Linux on several Gateway desktops and
Dell laptops, with Windows on the other partition. I also have owned a
Zareason laptop and most recently, a System 76 laptop—both exclusively
Ubuntu, and both very sound, well-built laptops.

Then, since I was due
for a new laptop, I decided to try a Chromebook, now that Android apps
would greatly increase the chances of having a good experience, and I was
right. Chrome OS is wicked fast, and it’s never crashed in my first six
months of using it. I mention this only to provide some background as
to why I think Chrome OS is, in my opinion, the Linux desktop for the
masses that’s been predicted for as long as I’ve used Linux. Granted,
it has a huge corporate behemoth in the form of Google behind it, but
that’s also why it has advanced in public acceptance as far as it
has. This article’s main purpose is to report on how far it has come
along and what to expect in the future—it’s a bright one!

Chromebooks now have access to Microsoft Office tools, which is a must for those
whose employers run only MS Office products. Although Google Docs does a
good job with basic document creation and conversion, and although you can
create a slide presentation with it, it won’t do things like watch
or create a PowerPoint presentation. That’s where the Microsoft
PowerPoint Android app comes in handy. If you need to watch one, simply
download the PowerPoint file and open it with PowerPoint (you can do this
without paying for Microsoft office). However, if you want to create
or edit one, you’ll have to pay for a yearly subscription or use
your company’s subscription.

via Linux Journal – The Original Magazine of the Linux Community

Valve Working to Make Windows Games Run in Lin…

Valve Working to Make Windows Games Run in Linux, Intel Vulnerability Being Patched, CentOS 7.5 Available, GNOME 3.29.91 Released:

Happy belated 21st birthday to GNOME! The project celebrated this milestone by releasing version 3.29.91.

Good news to all the gamers out there: Valve is working on a set of compatibility tools to allow Windows developed games to run on Linux. More can be read here.

In recent security related news, a new Intel-focused vulnerability affecting Linux, the L1TF or “Foreshadow”, is being patched by all the major distributions. Details about these exploits can be found here.

A bit of advise to our travelers with laptops: you should limit or refrain from placing stickers on your devices. It may be a great way to express oneself but anything ranging from political, recreational or business related content can be used against (or possibly detain) you when attempting to cross international borders.

In other news, the CentOS project just announced the availability of version 7.5 for the IBM Power9 architecture.

via Linux Journal – The Original Magazine of the Linux Community

FOSS Project Spotlight: SIT (Serverless Inform…

FOSS Project Spotlight: SIT (Serverless Information Tracker):

sit logo

In the past decade or so, we’ve learned to equate the ability to collaborate
with the need to be online. The advent of SaaS clearly marked the departure
from a decentralized collaboration model to a heavily centralized one. While
on the surface this is a very convenient delivery model, it simply doesn’t
fit a number of scenarios well.

As somebody once said, “you can’t FTP to Mars”, but we don’t need to go as far.
There are plenty of use cases here on Earth that are less than perfectly suited
for this “online world”. Lower power chips and sensors, vessel/offshore collaboration,
disaster recovery, remote areas, sporadically reshaping groups—all these make
use of central online services a challenge.

Another challenge with centralization is somewhat less thought of—building software
that can handle a lot of concurrent users and that stores and processes a lot of
information and never goes down is challenging and expensive, and we, as consumers,
pay dearly for that effort.

And not least important, software in the cloud removes our ability to adapt it
perfectly for use cases beyond its owner’s vision, scope and profitability
considerations. Convenience isn’t free, and this goes way beyond the price tag.

SIT is a free, open-source project that addresses these and other concerns in software
that enables us to collaborate. It allows sporadically connected parties to continue
collaborating seamlessly, over just about any digital transport (ranging from a P2P
network to a USB drive). At its core, it’s a very small tool that records every
change as an immutable, additive-only set of files and allows this information
to be displayed and operated on in a familiar way, though browser-based applications
or the command line.

Figure 1. SIT Issue Tracker

Although its foundation is rather generic, its first real application is in issue
tracking
, and it enables a lot of
scenarios that were previously rather difficult to achieve. For example, if a SIT
repository is committed to a project repository, this allows you to see a
snapshot of all issues for any revision, making it much easier to maintain
separate versions or trace changes. Another interesting feature is its
merge request functionality, where a patch, by its nature, can contain file
changes that affect a project’s issues, giving enormous flexibility in managing
dependent issues (say you developed a feature and want to attach a “to-do” list
to it as a part of the patch, so those new issues will appear only once the
patch has been merged—with SIT this is a rather trivial task).

via Linux Journal – The Original Magazine of the Linux Community

New Intel Chip Exploits Discovered, Instagram …

New Intel Chip Exploits Discovered, Instagram Accounts Attacked, Nativ Vita Hi-Res Music Server Has New Features, QEMU 3.0 Now Available and the Debian GNU/Linux Project Turns 25 Tomorrow:

News briefs for August 15, 2018.

Three new Meltdown/Spectre-type Intel chip exploits have been discovered
that affect Intel’s desktop, workstation and server CPUs, and they are
especially problematic for containers. ItProToday
reports
that “The latest exploits might prove to be particularly
troublesome for those using containers since each container runs on its own
implementation of Linux, which likely means each and every container will
need to be patched. According to Red Hat, ‘every Linux and Kubernetes
distribution is impacted. All organizations deploying containers should
consult their Linux/Kubernetes/containers provider.’” See also the Red
Hat blog
for more information.

Instagram accounts are being attacked—even those using 2FA. Mashable
reports
that users are being locked out of their accounts, their
profile avatars are being changed and bios deleted. Restoring account access
is evidently quite difficult.

The open
platform Nativ
Vita Hi-Res Music Server
has been updated, adding serious new
functionality, such as multi-room streaming, support of up to 10TB, playing
music from a NAS or computer and CD ripping.

QEMU 3.0 is now available. Phoronix
reports
that this big feature release
brings new functionality and several improvements including “Spectre
V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on
Microsoft Hyper-V, block device support for active mirroring, improved
support for AHCI and SCSI emulation, OpenGL ES support within the SDL
front-end, improved latency for user-mode networking, various ARM
improvements, some POWER9 / RISC-V / s390 improvements too, and various other
new bits.” See the QEMU
ChangeLog
for details.

The Debian GNU/Linux project turns 25 tomorrow. Source: ITWire.

via Linux Journal – The Original Magazine of the Linux Community

Shuffling Letters and Words

Shuffling Letters and Words:

You can shuffle your feet and you can shuffle cards, but can you shuffle
characters? Dave’s latest column explores the possibilities.

My last few articles have described building a pretty sophisticated password
generator, except for one thing: I never quite got to the point of
scrambling the end result to add a second level of randomness. I sidestepped
the issue by saying it was an exercise for the reader, but in fact, it’s
a pretty interesting problem, so let’s look at it here.

You can reverse a word with the handy Linux command rev, like so:


$ echo "hello from the other side" | rev
edis rehto eht morf olleh

You also can reverse lines in a file so that the last line is shown first,
penultimate line second, and so on:


$ cat -n test.me | sort -rn | cut -f2-
entering along with him.
enough to prevent a swirl of gritty dust from
glass doors of Victory Mansions, though not quickly
escape the vile wind, slipped quickly through the
chin nuzzled into his breast in an effort to
clocks were striking thirteen. Winston Smith, his
It was a bright cold day in April, and the

You recognize that opening paragraph even though it’s backwards, right?
“Clocks were striking thirteen” can only be George Orwell’s
cautionary tale 1984.

Note: there’s a Linux command called tac that offers a reverse
cat, which
would do the job too, but I’ve always loved sort -rn as a
command, so
I wanted to demonstrate how to use it in a pipeline to accomplish the same
result.

How about getting the lines of this file, but in completely random order?
There’s a command for that—at least in Linux: shuf. It’s not
available on the Mac OS X command line, however, so if you’re playing
along at home with your Mac system, well, you’ve just hit a road block.
Sorry about that. I offer an alternative at the end of this article
though, so don’t despair!

If you’re on a Linux system (and this is Linux Journal after all), then
check this out:


$ cat test.me | shuf
clocks were striking thirteen. Winston Smith, his
entering along with him.
glass doors of Victory Mansions, though not quickly
escape the vile wind, slipped quickly through the
enough to prevent a swirl of gritty dust from
chin nuzzled into his breast in an effort to
It was a bright cold day in April, and the

So those commands are all ready to go, but how about scrambling letters
in a line? That can be done with the shuf command as
demonstrated previously, but
individual lines aren’t quite ready for the shuf treatment.

You can break up words by using the under-appreciated
fold command, like this:

via Linux Journal – The Original Magazine of the Linux Community

FOSS Software Alternatives to Popular Propriet…

FOSS Software Alternatives to Popular Proprietary Software:

free and open source software alternatives to proprietary software

A list of FOSS alternatives to popular proprietary software was compiled in to what is now a popular infographic by anonymiss@despora.de. We’ve contributed by making a text list of the infographic. Now it’s your turn– tell us what FOSS alternatives you recommend in each category and we’ll add them to this master list.

Google

YouTube

Google Maps

Gmail

Google Play

Facebook

Instagram

WhatsApp

Twitter

Encyclopedia Britannica

Microsoft Windows

Internet Explorer

Microsoft Office

Adobe Photoshop

via Linux Journal – The Original Magazine of the Linux Community