Feed aggregator

Managing VMs with the Virtual Machine Manager

LXer - 55 min 58 sec ago
Explore the use of virt-manager, its capabilities on modest hardware, and how to use it to manage and monitor live VM performance.

Stay classy: Amazon's Jassy gets sassy with Larry

LXer - 2 hours 10 min ago
AWS boss claims consumer division has switched off Oracle data warehouse. Amazon’s consumer business has switched off its Oracle data warehouse and will be almost Big Red-free by Christmas – at least according to AWS boss Andy Jassy.…

Linux security: it's not great

Reddit - 3 hours 6 min ago

Hi. I'd be glad if you read all of my post and gave me some insight, whether you're new to Linux or have been using it for decades.

How do you live with the dreadful Linux security landscape?

Commits that fix security issues often leave out the CC: for the stable branch, don't have a CVE, and don't even explicitly mention the adverse effects that could befall someone without the fix. Most distributions use slightly older kernels (or way older, for CentOS/RHEL/Debian) and backport specific fixes to them. Security fixes without a CVE - and there are a lot of them - are often left out, and only available to those running the latest releases. Again, *most* distributions do not do that. Many users thus never get those patches and remain vulnerable.

Most Linux distributions ship with sub-optimal default settings (mount flags, sysctls, kernel configuration, [package mirrors](https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf) over [HTTP](https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html), binaries built without much/any hardening, etc.) and leave the task of securing the box up to the system administrator. If you're experienced with that, great, but a lot of people are not. The ones who just install Linux and start using it are very much at risk if the defaults are not good. I would expect something like Gentoo to leave everything up to the admin like that, not Mint or *buntu.

Different distributions get security fixes at different times. I saw Ubuntu fix **[three local root vulnerabilities in systemd](https://usn.ubuntu.com/3816-1/)** today, but didn't see an advisory for Debian (for example). Maybe it already happened and I just missed it or something, but, for a security-conscious newcomer, this makes choosing a distribution very confusing. Who will get the fixes first? Sometimes [different versions of the same distro don't even get all the fixes](https://security-tracker.debian.org/tracker/source-package/linux). With few exceptions like the (linux-)distros mailing lists, there seems to be no coordination. BTW, about the systemd one: that should probably be its own section. Horrible security record there. Same with glibc. Same with OpenSSL.

Exploit mitigation techniques, even basic ones, are not a strong focus of upstream Linux or the distributions at all. If you want those, you(r company) has to pay grsecurity for their secret patchset. The [KSPP](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project) is not making much progress at all either. In fact, if the grsecurity author is to be believed, they shoehorn a lot of the grsec/PaX patches in without fully understanding them, thus introducing bugs. I know Brad has a pretty insufferable personality and it's in his best interests ($$$) to talk shit about the upstream code. Still, the whole situation is absolutely horrible and completely bizarre to someone that's not a Linux user. One guy keeps security fixes and improvements to himself, publicly boasting about how the vast majority of users are vulnerable to attack, and keeps his code sealed off behind an expensive paywall. He does not want the upstream kernel or GCC to improve; he wants more customers. The concept is very alien to someone like me. When governments or other malicious actors buy his code, they now have a private list of fixes to use against anyone else - *against you*. I could argue that grsecurity/PaX is a hostile actor. Theoretically, why doesn't one company buy the patch, get some people to integrate it, and move on? Everyone would be safer. More importantly: **why does no one care about this?** A run-of-the-mill Linux install is not protected against modern ROP attacks without modern mitigations available and enabled. With Linux, the attackers are way ahead of the defenders.

Some Linux users seem to be operating under the false assumption that their OS is "secure." Without diving into how broad of a subject security really is, it's pretty clear to me that almost no one creating Linux has user security as a very high priority. It tops the CVE charts time and time again, and no it's not just because "more people are reading the code." Corporate involvement in Linux development has skyrocketed, overshadowing the non-corporate involvement by a large degree. Companies get what they want in the tree and don't care how it affects everyone else. Does it build? Ship it! One random example: Have you seen the size of the amdgpu codebase? Look into it if not. Maybe some users will never take those codepaths and fall victim to the bugs, but not every example is so specific. It's a widespread problem throughout the entire kernel.

Why are things so bad? What can we do to fix them? If possible, try to avoid overly dismissive replies like "all software is bad" or "every computer is insecure" and so on.

submitted by /u/baboon69420

Modular automation controller builds on UP Squared SBC

LXer - 3 hours 24 min ago
Techbase is shipping a Linux-friendly industrial automation controller called the ModBerry M2000 based on the UP Squared SBC, featuring GbE, SATA, and M.2. Polish development firm Techbase offers a growing family of industrial control computers based on popular SBCs such as the Raspberry Pi 3B+ based ModBerry M500 and UP board based ModBerry M1000. Now, […]

Wayland Protocols 1.17 Brings Explicit Synchronization & Primary Selection

Phoronix - 4 hours 15 min ago
Jonas Ådahl of Red Hat today released a new version of Wayland-Protocols, the collection of stable and unstable protocols for extending Wayland functionality...

Odd Realm is a sandbox settlement builder inspired by Dwarf Fortress and Rimworld with Linux support

LXer - 4 hours 38 min ago
Inspired by the likes of Dwarf Fortress and Rimworld, Odd Realm is a sandbox settlement builder currently in Early Access on itch with full Linux support.

Just got started with Linux on DeX? Come join us on r/LinuxOnDeX!

Reddit - 4 hours 39 min ago

There's a troubleshooting megathread, one for talking about all the cool stuff you got up and running today, and lots of room for more. Come hang out!

r/LinuxOnDeX

submitted by /u/I_Love_That_Pizza

Anyone know where to find resources to learn what you'd need for a red hat certification?

Reddit - 4 hours 56 min ago

Pretty much just title, I just can't really afford the official classes from redhat, and I'd rather cheaper or free.

submitted by /u/TheRoyalBrook

OSS: Google and Seattle GNU/Linux Conference

TuxMachines - Mon, 2018-11-12 23:35
  • Google open-sources AI that can distinguish between voices with 92 percent accuracy

    Diarization — the process of partitioning out a speech sample into distinctive, homogeneous segments according to who said what — doesn’t come as easy to machines as it does to humans, and training a machine learning algorithm to perform it is tougher than it sounds. A robust diarization system must be able to associate new individuals with speech segments that it hasn’t previously encountered.

  • Google Chrome Labs releases open source, browser-based image optimization tool, Squoosh

    Demonstrated briefly at the Chrome Dev Summit, Squoosh’s top priority is speed, and is primarily just a demo of new capabilities that recent improvements to Chrome already bring to the table. For example, by using WebAssembly, Squoosh is able to use image codecs that are not typically available in the browser.

  • Why the Linux console has sixteen colors (SeaGL)

    At the 2018 Seattle GNU/Linux Conference after-party, I gave a lightning talk about why the Linux console has only sixteen colors. Lightning talks are short, fun topics. I enjoyed giving the lightning talk, and the audience seemed into it, too. So I thought I'd share my lightning talk here.


Virtual keyboard software?

Reddit - Mon, 2018-11-12 23:31

I'm looking for a software to have the screen keyboard on my touch screen pc because the default gnome does not open if I use the browser, I write mail etc. Before I used onboard, but with fedora, the latter, does not attach to the bottom of the screen (I do not know why) and I do not want to use it in fluctuating mode. Some alternative software and an onboard solution?

submitted by /u/TeoCol777

How to set up PySpark for your Jupyter notebook

LXer - Mon, 2018-11-12 23:29
Apache Spark is one of the hottest frameworks in data science. It realizes the potential of bringing together big data and machine learning. This is because:

Kernel: Linux System Wrapper Library, Microsoft Mice, and EXOFS

TuxMachines - Mon, 2018-11-12 23:27
  • Kernel Developers Debate Having An Official Linux System Wrapper Library

    As new system calls get added to the Linux kernel, these syscalls generally get added to Glibc (and other libc libraries) for developers to make easy use of them from their applications. But as Glibc doesn't provide 1:1 coverage of system calls, sometimes is delayed in their support for new calls, and other factors, there is a discussion about providing an official Linux system wrapper library that could potentially live as part of the kernel source tree.

    This weekend was the initial proposal for having an official Linux system wrapper library. Though that initial proposal is a bit flawed in saying that "glibc is basically not adding new system call wrappers", as they are, just sometimes it takes a while among other factors. But it is accurate in reflecting a problem with the status quo.

  • Linux Getting Two-Line Patch To Finally Deal With The Quirky Microsoft OEM Mouse

    While Microsoft is self-proclaimed to love Linux, their common and very basic Microsoft OEM Mouse has not loved the Linux kernel or vice-versa... The Linux kernel HID code is finally getting a quirk fix to deal with the Microsoft OEM mouse as it would disconnect every minute when running at run-levels one or three.

    The basic Microsoft OEM Mouse that's been available for years (appearing as a PixArt vendor and USB ID 0x00cb) would disconnect every 60~62 seconds on Linux systems when connected out-of-the-box. This isn't some high-end gaming mouse but Microsoft's dead basic OEM optical mouse.

  • Linux Poised To Remove Decade-Old EXOFS File-System

    The Linux kernel will likely be doing away with EXOFS, a file-system that had been around since the Linux 2.6.30 days.

    EXOFS is a file-system originally derived from EXT2 file-system code for basing it on an external object store. This object-based file-system was originally developed by IBM.

    Veteran kernel developer Christoph Hellwig is now seeking to remove the EXOFS object-based file-system on the basis of it being "just a simple example without real life users."


today's howtos and CLI examples

TuxMachines - Mon, 2018-11-12 23:23


OpenStack vs. Cloud Foundry vs. Kubernetes: What Fits Where?

TuxMachines - Mon, 2018-11-12 23:08

Open-source cloud application infrastructure can be a confusing landscape to navigate with multiple projects, including OpenStack, Cloud Foundry and Kubernetes. While there are some points of overlap, each technology has its own merits and use-cases.

Among the vendors that use and contribute to OpenStack, Cloud Foundry and Kubernetes is SUSE, which also has commercial products for all three technologies as well. In a video interview with eWEEK, Thomas Di Giacomo, CTO at SUSE, explains how the three open-source technologies intersect at his company.

"We see that our customers don't use a single open-source project, most of the time they to use different ones, with different lifecycles and sometimes they overlap," Di Giacomo said.


Mesa Drops Support For AMD Zen L3 Thread Pinning, Will Develop New Approach

Phoronix - Mon, 2018-11-12 22:48
It was just a few months back that the Mesa/RadeonSI open-source AMD Linux driver stack received Zen tuning for that CPU microarchitecture's characteristics. But now AMD's Marek Olšák is going back to the drawing board to work on a new approach for Zen tuning...
