Reddit

All things Linux and GNU/Linux -- this is neither a community exclusively about the kernel Linux, nor is exclusively about the GNU operating system. Linux, GNU/Linux, free software...

Automation for server deployment

Thu, 2018-10-11 11:57

Hi, I'm working as a Linux sysadmin for over a year in a relatively big company, and since the company started there has been no automation for server deployment. We use netboot with GitHub to deploy our servers, but this makes a lot of typos when changing configurations, and if you want to change or deploy a new configuration file you have to add it manually to every server and change the netboot folders. So I got a great idea that there are a lot of tools these days to automate server deployment/maintenance, because the company is getting bigger and more and more servers need to be deployed; most of the deployment is still manual.

The question I have: I know there are Puppet, Ansible or Salt for these kinds of things, but I wanted to hear your recommendations for this and your opinions on it.

The main things I want from this are:

* Configuration file control, so every configuration file would be the same on every server.

* New server deployment.

Would appreciate every opinion and recommendation on this.

submitted by /u/EphemeralNight

TIL: CTRL + M simulates ENTER in shell

Thu, 2018-10-11 10:49

TIL: CTRL + M simulates ENTER in shell

submitted by /u/vvavvavvivva

Install Steam on Arch Linux

Thu, 2018-10-11 08:48

German Word Counter

Thu, 2018-10-11 08:27

I'm looking for some support to learn German.

Does somebody know some sort of software in which I can input a text in German and get as output a word counter in German that is sophisticated enough to consider the same verbs and so on?

submitted by /u/Safrinha

Is there a productivity distribution?

Thu, 2018-10-11 08:22

Is there a Linux distro geared toward productivity? I've never heard of one, but I know that things like this exist for other disciplines, such as Kali for pen testing.

submitted by /u/lantech19446

FLOSS Weekly: Sway

Thu, 2018-10-11 08:11

Linux LS

Thu, 2018-10-11 06:29

Linux networking question

Thu, 2018-10-11 06:00

I feel like this is a stupid question, but for the life of me I can't figure out why it's not working.

I have a switch (D-Link DGS 108), and connected to it I have 2 Raspberry Pis. These Raspberry Pis are configured to have IP addresses 192.168.1.1 and 192.168.1.2 respectively. When I connect them directly through the Ethernet ports, I can ping them with no problem. But when I attempt to connect them through the switch I get DESTINATION COULD NOT BE REACHED.

Am I doing something wrong? I'm editing the /etc/network/interface file to change the IP address and netmask (making it a /24) but I don't put anything for gateway. Then, I restart the networking.service and then reboot the Pi entirely.

Any help would be fantastic! My Raspberry Pis are running Kali and Raspbian.

So for my actual question. What is the difference between /etc/network/interface and /etc/dhcpd.conf? Do they do different things? Could that be the source of my problems, if the interface file is still setting my IP as what I want it to?

submitted by /u/bresule2

Why don't we have more modular distro options?

Thu, 2018-10-11 04:18

So ... as I understand it, one of the limiting factors about Linux distros is that they have to decide on what hardware they're going to support. But that's not just a technological limitation, it's also a space limitation. I'm going to exaggerate here, but let's say a certain distro can support drivers for 500,000 different devices. You still have to pick which ones are going to be on the final CD/DVD.

I understand the desire to have one CD or one DVD that can be downloaded that will work for the widest array of computers so that the distros can be loaded onto the widest number of PCs without needing an internet connection. But at the same time, I don't understand why there isn't another option.

I mean, I know some distros have a network installation option, but - and correct me if I'm wrong in this - I believe those network installation tools simply download the same ISO, just across the network instead of a local CD/DVD. But I'm sure there are plenty of people out there who aren't afraid of connecting their laptop to the Internet (with some stipulations I'll get to in a moment) where an OS could be downloaded with only the drivers that PC needs.

Imagine this:

You have a PC set to boot from USB. Your USB has a small distro that focuses its resources on carrying only drivers needed to support getting online. No CD/DVD/webcam/sound card drivers, but that makes more room for more modem drivers, etc. It supports a small firewall that only allows connectivity to/from one specific web domain.

Once online the PC connects to that domain, uploads the hardware on that PC, a server-based application reads that and determines what OS options are available. It lists them in a table (which can be sorted based on release date or other features) and includes links to mirror sites.

If the community could develop something like that then the next step would be to expand the system to where each distro repository makes it possible to pick only the drivers needed for that PC, then compile the ISO specifically for that PC. This would be more complex, but would reduce file sizes to be downloaded. And if this is being done for a company that has multiple of the same PC to do I'd expect the image created from the first PC would be smaller, too.

So in the end you'd have the one CD/DVD maintained for offline installations, and this other modular tool for PCs that can have internet access.

Are people already working in this direction and I just don't know it? If no one is, why not? Is it a resource limitation? I have to ask because I would think eventually something like this would actually require fewer resources to maintain, because instead of spending cycles debating what drivers are included on which CD/DVD we would just allow the modular option and then base what's on the CD/DVD on what got downloaded the most from the previous distro version.

Am I just smoking too much crack?

submitted by /u/flapanther33781

A Linux terminal distribution that can reside in ROM chips

Thu, 2018-10-11 03:41

To install any operating system you need to get that OS on a USB drive or hard disk. That seems like a very old-school way. I am wondering if the BIOS program can be rewritten to add a basic Linux terminal feature to it, so it can be used to pull Ubuntu or any other free resource from the internet without needing to install any other OS. Issue I am looking into,

Do you guys think it's a practical thing to make such a solution? Thanks

submitted by /u/FahadUddin92

Linus made a fundamental change to Linux development that caused ire in the community without prior thought or consideration

Thu, 2018-10-11 03:27

On the 15th of September 2018, Greg KH authored a change to revamp the CoC - this was committed by Linus a day later and pushed into his tree.

I would suspect that this was quite a surprise to many people - just like his apology email that was sent on the same day.

Why was such a huge change made without prior warning and discussion in the community?

Right now there is a patch that wants to strip the enforcement section "to give the community time to consider and debate how this should be handled".

Why would such a 'breaking' change be authored at any point after the merge window? Linus has always said you never break the user. Yet it can be seen that a CoC change can 'break' the user by causing all the issues and drama we've seen over the last few weeks (talks about forking, trolls discussing how to somehow rescind GPL2 property).

My main point here is this seems out of character for a project the size of Linux - after this change the community exploded - this sub and various social media platforms and the discussions continue to this day.

And for what reason? This could easily have waited for 4.20 after the summit and proper discussions to take place. I think the issue here is making what I consider to be a significant change without properly thinking it through. At best this becomes a PR that is only merged when people are happy, perhaps after a vote has taken place.

This isn't Linus Torvalds, this isn't Linux and has me very worried why nobody is discussing or explaining this further.

This has fundamentally changed things on a political and societal level with how people engage with the Kernel development process, yet nobody seems bothered how it came to be out of the blue...

submitted by /u/thecodingdude

Boot flash drive with swap and bios

Thu, 2018-10-11 02:43

Is there any way to boot my laptop with a flash drive that doesn't use the RAM on the laptop and uses a swap on the flash drive instead? Would this work if I put a BIOS on the flash drive with the swap? Would I have to put the operating system on the flash drive also?

submitted by /u/grey1138

Let's see why Flatpak and sandboxing are awesome! (Also, a response to the recent Flatkill page)

Thu, 2018-10-11 02:13

Okay, so sometimes I see some misunderstandings about Flatpak going around, and this interesting page unfortunately has not done much to help. I figured I'd take a brief moment to try and give a bit of an explanation of how exactly it works and why it's even a thing.

Portability

I'm not going to bother with this too much, since I think everyone knows this is one of Flatpak's main points. However, I've seen some people say that distro packaging helps improve security because of the people reviewing everything first.

Distro packaging can bring its own set of interesting problems, but this only works for packages they want to accept. Closed-source packages, where malicious software would realistically come from, are downloaded from the internet and never go through the actual distro screening. The only thing it really does is cause a higher barrier of entry for the average user trying to deploy their applications.

Sandboxing

This is the #1 question I see: why do we need sandboxing? It's easy to imagine when it comes to commercial applications, but it doesn't seem immediately obvious as to why you'd need it for an average application.

However, sandboxing isn't just for malicious software. Remember: security vulnerabilities are a thing! Imagine your open-source messaging client got a security vulnerability. Now an attacker can send a malicious message, run arbitrary code, and be able to see...the application's other data. Yup: most applications that use GTK+ 3 or Qt 5 (more on this later) will usually have pretty thorough sandboxing. More portals are being created to cover more things (such as the infamous webcam), but even in its current state, if GNOME MPV were to come across an infected file, not much would really happen.

Sandboxing (redux)

Okay, now comes the main part of the Flatkill page:

> Almost all popular applications on flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more), this effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.
>
> This includes Gimp, VSCode, PyCharm, Octave, Inkscape, Steam, Audacity, VLC, ...

First off, Flatpak has actually solved this problem. It has a concept called "portals", which let applications tap into the host for various reasons. The default filesystem portal will send a D-Bus message to your desktop environment, which will display an open or save dialog and then expose only the absolute minimum to the Flatpak'd app.

If this is the case, then why do all these apps require filesystem permissions? Look for a second. Is there anything they share in common?

GTK+ 2!

Filesystem portals are used by GTK+ 3 and Qt 5, but GTK+ 2 doesn't support them. This also impacts applications built with Electron 1, since it didn't switch to GTK+ 3 until Electron 2.

Of course, this problem will gradually disappear over time. GIMP is moving to GTK+ 3, Inkscape already has it working in the trunk, and Electron apps like Discord will gradually move over to Electron 2 (Zulip already has).

> To make matters worse, the users are misled to believe the apps run sandboxed. For all these apps flatpak shows a reassuring "sandbox" icon when installing the app (things do not get much better even when installing in the command line - you need to know flatpak internals to understand the warnings).

This has nothing to do with Flatpak itself; if you install from the command-line, then you'll see all the permissions (this came out shortly before 1.0). This is an issue with GNOME Software. I'm not arguing it's not a problem, but it's hardly worth an entire section of this page.

Runtime updating

> CVE-2018-11235 reported and fixed more than 4 months ago. Flatpak VSCode, Android Studio and Sublime Text still use unpatched git version 2.9.3.

This was a pretty unfortunate issue; the way runtimes are built has entirely changed with org.freedesktop.Platform 18.08, and as a result it took a long time to get out, and not all applications have upgraded to it. Eventually everything will have moved over, at which point this will no longer be an issue.

In addition, the new system makes it easier for runtimes to have LTS support for at least 2 years. That means major issues like this requiring migrations aren't really going to happen.

Desktop integration

> Running KDE apps in fakepak? Forget about desktop integration (not even font size).

Okay, I genuinely have no clue what exactly they're referring to here... KDE itself has embraced Flatpak as a method of application distribution, and it's Kube's primary method of distribution.

Other security

> Up until 0.8.7 all it took to get root on the host was to install a flatpak package that contains a suid binary (flatpaks are installed to /var/lib/flatpak on your host system). Again, could this be any easier? A high severity CVE-2017-9780 (CVSS Score 7.2) has indeed been assigned to this vulnerability. Flatpak developers consider this a minor security issue.

I'm honestly not sure how a security issue with Flatpak while it was still in beta and an out-of-context phrase from the changelog mean that it's terrible...

Summary

I'm personally all-aboard the Flatpak hype train! If you have any other doubts, please remember to take a look around instead of reading random stuff on the internet, because the internet has a tendency to...well, exaggerate stuff sometimes... ¯\_(ツ)_/¯

Side note: I find it interesting that a page mentioning Flatpak and the "cornerstone of linux security" doesn't use HTTPS...

submitted by /u/kirbyfan64sos
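The permissions debated in the post above can be checked per application. The following is an added example, not part of the original post or of Flatpak itself: it audits the `[Context]` section of a Flatpak metadata keyfile (the text `flatpak info --show-metadata <app>` prints) for the broad grants the quoted page names. The two application IDs and their metadata are constructed samples.

```python
import configparser

BROAD_FILESYSTEMS = {"host", "home"}  # grants that cover the whole home directory

# Constructed sample: an app that bypasses portals with broad static grants.
EDITOR_METADATA = """
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/18.08

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=host;xdg-download:ro;
"""

# Constructed sample: an app that relies on portals and has no filesystem grant.
VIEWER_METADATA = """
[Application]
name=org.example.Viewer

[Context]
shared=ipc;
sockets=wayland;
devices=dri;
"""

def _items(value):
    """Split a keyfile list value such as 'host;xdg-download:ro;'."""
    return [v for v in value.split(";") if v]

def audit_metadata(text):
    """Return findings for broad filesystem and device grants in one keyfile."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(text)
    if not parser.has_section("Context"):
        return []
    context = parser["Context"]
    findings = []
    for entry in _items(context.get("filesystems", "")):
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS:
            # ':ro' still exposes every user file, but cannot modify ~/.bashrc
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystems={path} ({access})")
    if "all" in _items(context.get("devices", "")):
        findings.append("devices=all")
    return findings

if __name__ == "__main__":
    for name, meta in (("Editor", EDITOR_METADATA), ("Viewer", VIEWER_METADATA)):
        print(name, audit_metadata(meta) or "no broad grants")
```

A read-write `host` or `home` grant is the case where the sandbox boundary no longer protects the user's dotfiles; an app with an empty result depends on portals for file access.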

some Linux distros need to evolve if they are to survive into the future

Thu, 2018-10-11 01:37

I have encountered Linux distros that have difficult to install procedures and I'm shaking my head at how backwards they are. This isn't the early 90s folks, it's the 21st Century. Evolve or get left behind.

Let's face it, the 70s, 80s, and early 90s have come and gone, and so have the computer users that lived in these times.

Computer users from these eras that I have spoken to are well adjusted to command-line installers because, well, they lived through it; for them it's like riding a bike. But people like my nephew, who was born in 2012, will have no experience in using command-line interfaces, and this will be his reaction if Linux distros don't evolve in their installation process:

https://youtu.be/KMy1zO8m8sM?t=10

GUI is the future of Linux distros. Embrace it like Ubuntu has. Ubuntu and all its flavors are going to survive well into the future because they are evolving with the times.

submitted by /u/RagglenLove

Running apt-get update RE: ubuntu system specific things in /etc/apt/sources.list

Thu, 2018-10-11 00:36

I'm trying to deconstruct the basics of a Linux system here -

So do I understand correctly that when I run "apt-get update", I am instructing the computer to check all of the links starting with deb for available packages (and also update the available "list" of packages if the user has added a new repository/source in sources.list)? Correct?

Then I can run packages that are newly available from the new "deb blah.com blah/ " line AND can run "apt-get upgrade" for any existing packages that have new versions. Is that right?

If I then understand correctly, if http://security.ubuntu.com/ubuntu/ etc. were to be compromised, and some other files were uploaded, AND THEN I had run an upgrade after all of that had happened, I would potentially fry my machine with the new security breaches... is that right?

Aka, I should always be monitoring some Twitter or newsfeed regarding the health of Ubuntu... Does such a resource exist?

Thank you!

submitted by /u/___MEDPOOL___
