News & Information       http://info.owt.com

Linux

04/25/2019   LinuxSecurity.com
An update that solves 13 vulnerabilities and has one errata is now available.
04/25/2019   LinuxSecurity.com
An update that solves one vulnerability and has four fixes is now available.
04/25/2019   LinuxSecurity.com
An update that fixes 6 vulnerabilities is now available.
04/25/2019   LinuxSecurity.com
An update that fixes 6 vulnerabilities is now available.
04/25/2019   LinuxSecurity.com
An update that fixes two vulnerabilities is now available.
04/25/2019   LinuxSecurity.com
It was discovered that there was a path traversal vulnerability in the "mercurial" distributed revision version control system. Symbolic links and subrepositories could be used defeat Mercurial's
04/25/2019   LinuxSecurity.com
An update that solves two vulnerabilities and has four fixes is now available.
04/25/2019   LinuxSecurity.com
An update that fixes one vulnerability is now available.
04/25/2019   LinuxSecurity.com
Bind could be made to consume resources if it received specially crafted network traffic.
04/25/2019   LinuxSecurity.com
tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic.
04/25/2019   LinuxSecurity.com
Several security issues were fixed in PHP.
04/24/2019   LinuxSecurity.com
Updated Red Hat AMQ Clients 2.3.1 packages are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
04/19/2019   InfoWorld Linux
Learn how to use the chmod command – the command for changing permissions on files. The only tricky part is understanding that there are two ways to represent file permissions.
04/19/2019   InfoWorld Linux

Docker is a software platform for building applications based on containers — small and lightweight execution environments that make shared use of the operating system kernel but otherwise run in isolation from one another. While containers as a concept have been around for some time, Docker, an open source project launched in 2013, helped popularize the technology, and has helped drive the trend towards containerization and microservices in software development that has come to be known as cloud-native development.

To read this article in full, please click here

04/04/2019   Linux Journal

Apache HTTP web server users are being urged to update their servers to patch for a critical vulnerability that could give an attacker a way to gain root access. Researcher Charles Fol discovered the vulnerability and writes about it in detail here: https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html.

04/04/2019   Linux Journal

News briefs for April 4, 2019.

Google won't allow DRM in an open-source project. Samuel Maddock is building a browser called Metastream, an "Electron-based (Chromium derived), MIT-licensed browser hosted on GitHub. Its main feature is the ability to playback videos on the web, synchronized with other peers. Each client runs its own instance of the Metastream browser and transmits playback information to keep them in sync—no audio or video content is sent." He sent a request to Google for a license to implement Widevine in his browser, and received this reply, "I'm sorry but we're not supporting an open source solution like this", four months later. See also "After years of insisting that DRM in HTML wouldn't block open source implementations, Google says it won't support open source implementations" by Cory Doctorow for more on the story.

Collabora recently announced a new project called SPURV, which allows you to "run Android applications in the same graphical environment as regular Wayland Linux applications with full 3D acceleration." The announcement also notes that "For current non-Android systems, this work enables a path forward to running Android applications in the same graphical environment as traditional non-Android applications are run." Full build instructions are available on GitLab.

WPS Office for Linux version 11 (2019) was released recently. Linux Uprising reports that the new version of the office suite includes "support for high resolution screens, skin support, and interface updates." See the WPS Community site to download the Linux version.

PyCharm 2019.1.1 is now available. From the announcement: "PyCharm is the first JetBrains IDE to ship with the new JDK 11. This brings us improved performance and better rendering for our Jupyter Notebooks. Unfortunately, it also means that we ran into a couple of teething issues with the new JDK."

KDE Plasma 5.15.4 was released this week with more than three dozen bug fixes and improvements. According to Softpedia News, highlights of this release include "improvements to the Flatpak and Fwupd (firmware update) backends in the Plasma Discover package manager, better support for the latest Nvidia graphics drivers in the KWin window and composite manager, along with proper support for restoring the current desktop from session." See also the release announcement at KDE.org for more information and links to live images and downloads.

04/04/2019   Linux Journal
open source

Teaching kids about open source? Don't forget to teach them ethics as well.

Back when I started college, in the fall of 1988, I was introduced to a text editor called Emacs. Actually, it wasn't just called Emacs; it was called "GNU Emacs". The "GNU" part, I soon learned, referred to something called "free software", which was about far more than the fact that it was free of charge. The GNU folks talked about software with extreme intensity, as if the fate of the entire world rested on the success of their software replacing its commercial competition.

Those of us who used such programs, either from GNU or from other, similarly freely licensed software, knew that we were using high-quality code. But to our colleagues at school and work, we were a bit weird, trusting our work to software that wasn't backed by a large, commercial company. (I still remember, as a college intern at HP, telling the others in my group that I had compiled, installed and started to use a new shell known as "bash", which was better than the "k shell" we all were using. Their response was somewhere between bemusement and horror.)

As time went on, I started to use a growing number of programs that fit into this "free software" definition—Linux, Perl and Python were the stars, but plenty of others existed, from Emacs (which I use to this day), sendmail (pretty much the only SMTP server at the time), DNS libraries and the like. In 1998, Tim O'Reilly decided that although the "free software" cause was good, it needed better coordination and marketing. Thus, the term "open source" was popularized, stressing the practical benefits over the philosophical and societal ones.

I was already consulting at the time, regularly fighting an uphill battle with clients—small startups and large multinationals alike—telling them that yes, I trusted code that didn't cost money, could be modified by anyone and was developed by volunteers.

But marketing, believe it or not, really does work. And the term "open source" did a great job of opening many people's minds. Slowly but surely, things started to change: IBM announced that it would invest huge amounts of money in Linux and open-source software. Apache, which had started life as an httpd server, became a foundation that sponsored a growing array of open-source projects. Netscape tumbled as quickly as it had grown, releasing its Mozilla browser as open-source software (and with its own foundation) before going bust. Red Hat proved that you could have a successful open-source company based on selling high-quality services and support. And these are just the most prominent names.

With every announcement, the resistance to using open source in commercial companies dropped bit more. As companies realized that others were depending on open source, they agreed to use it too.

04/03/2019   Linux Journal

News briefs for April 3, 2019.

Fedora 30 Beta was released yesterday. Highlights include new desktop environment choices, DNF performance improvements, GNOME 3.32 and updated versions of many packages, such as Golang, Bash, Python and more. For more details, see the Fedora 30 Change set.

Chef has announced it is releasing all of its software as open source. According to DevOps.com, "Chef has decided to open source its entire portfolio of IT automation software as part of an effort to make it easier for organizations to construct a DevOps pipeline using the company's software. A part of that effort, Chef also launched the Chef Enterprise Automation Stack—which combines Chef Infra for managing infrastructure, Chef InSpec for maintaining compliance, Chef Habitat for managing applications, Chef Automate for managing hybrid clouds and Chef Workstation, a starter kit for launching Chef—within a single distribution of Chef software. Chef Infra is the original Chef project around which the company was launched."

elementary announced it is adopting Flatpak for AppCenter and its third-party developer ecosystem. The post makes clear that "while Flathub is a great place to get popular cross-platform apps, we still want AppCenter to be the best place to get apps that are specially developed for elementary OS." Also from the announcement: "Moving to Flatpak doesn't mean moving away from our focus on native apps, from enabling developers to get paid with pay-what-you-want downloads, or from the online AppCenter Dashboard where each app is carefully tested, reviewed, and curated before being published to users in AppCenter. We'll be providing our own hosted and curated Flatpak repo for AppCenter, much like we provide our own hosted and curated Debian repo today."

Unreal Engine 4.22 is now available. Major features with this new release include real-time ray tracing and path tracing, high-level rendering refactor, C++ iteration time improvements and much more. According to the Unreal Engine announcement, "This release includes 174 improvements submitted by the incredible community of Unreal Engine developers on GitHub!"

Linux developer Christopher Helwig has dropped the VMware lawsuit after a German court dismissed the case. ZDNet reports that "after the German Hamburg Higher Regional Court dismissed Helwig's appeal, he has decided that it would be pointless to appeal the decision." ZDNet summarized the background: "The heart of the lawsuit had been that Hypervisor vSphere VMware ESXi 5.5.0 violated Linux's copyright. That's because VMware had not licensed a derivative work from Linux under the GNU General Public License (GPL). True, VMware had disclosed the vmklinux component under the GPL, but not the associated hypervisor components. Or, as Helwig put it, 'VMware uses a badly hacked 2.4 kernel with a big binary blob hooked into it, giving a derived work of the Linux kernel that's not legally redistributable.'" See the article for more details on the history of the case.

04/03/2019   Linux Journal

"Marley was dead, to begin with."—Charles Dickens, A Christmas Carol.

As you surely know by now, Linux Journal started in 1994, which means it has been around for most of the Linux story. A lot has changed since then, and it's not surprising that Linux and the Free and Open Source Software (FOSS) community are very different today from what they were for Linux Journal's first issue 25 years ago. The changes within the community during this time had a direct impact on Linux Journal and contributed to its death, making Linux Journal's story a good lens through which to view the overall story of the FOSS community. Although I haven't been with Linux Journal since the beginning, I was there during the heyday, the stroke, the decline, the death and the resurrection. This article is about that story and what it says about how the FOSS community has changed.

It's also a pretty personal story.

A Bit about Me

Although it's true that I sometimes write about personal projects in my articles and may disclose some personal details from time to time, I generally try not to talk too much about my personal life, but as it's useful to frame this story, here we go. I grew up in an era when personal computers were quite expensive (even more so, now that I account for inflation), and it wasn't very common to grow up with one in your home.

In high school, I took my first computer class in BASIC programming. This class fundamentally changed me. Early on in the class I knew that I wanted to change any past career plans and work with computers instead. My family noticed this change, and my grandparents and mother found the money to buy my first computer: a Tandy 1000 RLX. Although there certainly were flashier or more popular computers, it did come with a hard drive (40MB!), which was still pretty novel at the time. Every time I learned a new BASIC command in school, I would spend the following evenings at home figuring out every way I could use that new-found knowledge in my own software.

I never got internet access during high school (my mom saw the movie WarGames and was worried if I had internet access, I might accidentally trigger a house call from the FBI). This just made it all the more exciting when I went to college and not only got a modern computer, but also high-speed campus internet! Like most people, I was tempted to experiment in college. In my case, in 1998 a neighbor in my dorm brought over a series of Red Hat 5.1 floppies (the original 5.1, not RHEL) and set up a dual-boot environment on my computer. The first install was free.

Desktop Linux in the Late 1990s

If you weren't around during the late 1990s, you may not realize just how different Linux was back then, but hopefully a screenshot of my desktop will help illustrate (Figure 1).

04/03/2019   InfoWorld Linux

Kubernetes is a popular open source platform for container orchestration — that is, for the management of applications built out of multiple, largely self-contained runtimes called containers. Containers have become increasingly popular since the Docker containerization project launched in 2013, but large, distributed containerized applications can become increasingly difficult to coordinate. By making containerized applications dramatically easier to manage at scale, Kubernetes has become a key part of the container revolution.

What is container orchestration?

Containers support VM-like separation of concerns but with far less overhead and far greater flexibility. As a result, containers have reshaped the way people think about developing, deploying, and maintaining software. In a containerized architecture, the different services that constitute an application are packaged into separate containers and deployed across a cluster of physical or virtual machines. But this gives rise to the need for container orchestration—a tool that automates the deployment, management, scaling, networking, and availability of container-based applications.

To read this article in full, please click here

04/02/2019   Virtualization
The Xen Project is continuing to enhance performance and boost security in its latest open-source hypervisor release.
04/02/2019   Linux Journal
Linus Torvalds

Linux Journal's very first issue featured an interview between LJ's first Publisher, Robert Young (who went on to co-found Red Hat among other things), and Linus Torvalds (author of the Linux kernel). After 25 years, we thought it'd be interesting to get the two of them together again. You can read that first interview from 1994 here.

Interview: Linus Torvalds and Robert Young

Robert Young: It is a great pleasure to have an excuse to reach out to you. How are you and your family? Your kids must be through college by now. Nancy and I and our three daughters are all doing well. Our eldest, Zoe, who was 11 when Marc and I started Red Hat, is expecting her second child—meaning I'm a grandparent.

Linus Torvalds: None of my kids are actually done with college yet, although Patricia (oldest) will graduate this May. And Celeste (youngest) is in her senior year of high school, so we'll be empty-nesters in about six months.

All three are doing fine, and I suspect/hope it will be a few years until the grandparent thing happens.

Bob: When I first interviewed you back in 1994, did you think that you'd be still maintaining this thing in 2019?

Linus: I think that by 1994 I had already become surprised that my latest project hadn't just been another "do something interesting until it does everything I needed, and then find something else to do" project. Sure, it was fairly early in the development, but it had already been something that I had spent a few years on by then, and had already become something with its own life.

So I guess what I'm trying to say is not that I necessarily expected to do it for another few decades, but that it had already passed the bump of becoming something fairly big in my life. I've never really had a long-term plan for Linux, and I have taken things one day at a time rather than worry about something five or ten years down the line.

Bob: There is a famous old quote about the danger of achieving your dreams—your running joke back in the day when asked about your future goals for Linux was "world domination". Now that you and the broader Open Source/Free Software community have achieved that, what's next?

Linus: Well, I stopped doing the "world domination" joke long ago, because it seemed to become less of a joke as time went on. But it always was a joke, and it wasn't why I (or any of the other developers) really did what we did anyway. It was always about just making better technology and having interesting challenges.

04/02/2019   Linux Journal

We feel in the mood to celebrate. Free 25th Anniversary Issue of Linux Journal for everyone! Follow this link to get yours: https://www.linuxjournal.com/free_issue 

04/02/2019   Linux Journal
Linux Journal 25th Anniversary Issue Cover

"Linux is an independent implementation of the POSIX operating system specification (basically a public specification of much of the Unix operating system) that has been written entirely from scratch. Linux currently works on IBM PC compatibles with an ISA or EISA bus and a 386 or higher processor. The Linux kernel was written by Linus Torvalds from Finland, and by other volunteers."

Thus begins the very first Letter from the Editor (written by Phil Hughes), in the very first issue of Linux Journal, published in the March/April issue in 1994...25 years ago—coinciding, as fate would have it, with the 1.0.0 release of the Linux kernel itself (on March 14th).

A quarter of a century.

Back when that first issue was published, Microsoft hadn't yet released Windows 95 (version 3.11 running on MS-DOS still dominated home computing). The Commodore Amiga line of computers was still being produced and sold. The music billboards were topped by the likes of Toni Braxton, Ace of Base and Boyz II Men. If you were born the day Linux Journal debuted, by now you'd be a full-grown adult, possibly with three kids, a dog and a mortgage.

Yeah, it was a while ago. (It's okay to take a break and feel old now.)

In that first issue, Robert Young (who, aside from being one of the founders of Linux Journal, you also might recognize as the founder of Red Hat) had an interview with Linus Torvalds.

During the interview, Linus talked about his hope to one day "make a living off this", that he'd guesstimate Linux has "a user base of about 50,000", and the new port of Linux to Amiga computers.

A lot changes in a quarter century, eh?

To mark this momentous occasion, we've reunited Robert Young with Linus Torvalds for a new interview—filled with Linus' thoughts on family, changes since 1994, his dislike of Social Media, and a whole lot more. It is, without a doubt, a fun read. (We're also republishing the complete original 1994 interview in this issue for reference.)

And, if you're curious about the history of Linux Journal, Kyle Rankin's "What Linux Journal's Resurrection Taught Me about the FOSS Community" provides an excellent—and highly personal—look over the last roughly 20 years of not just Linux Journal, but of Linux and free software itself. He even includes pictures of his ahem "super-leet Desktop from 1999". How can you go wrong?

Then we thought to ourselves, "How do we celebrate 25 years of talking about Linux?" The answer was obvious: by looking to the future—to where we (the Linux community) are going. And what better way to understand the future of Linux than to talk to the kids who will shape the world of Linux (and free and open-source software) to come.

04/02/2019   Linux Journal

News briefs for April 2, 2019.

The official Raspberry Pi keyboard and mouse are now available. You can purchase them now from approved Raspberry Pi resellers. The keyboard is available in six layouts (English (UK), English (US), Spanish, French, German and Italian) with more in the works. The mouse is a " three-button, scroll-wheel optical device with Raspberry Pi logos on the base and cable, coloured to match the Pi case". View a video of the products for more details.

SUSE is on track to become the largest independent Linux company. ZDNet reports that this is due to IBM acquiring Red Hat and SUSE's growth for the past seven straight years. The ZDNet post quotes SUSE CEO Nils Braukmann, "We believe that makes our status as a truly independent open source company more important than ever. Our genuinely open-source solutions, flexible business practices, lack of enforced vendor lock-in, and exceptional service are more critical to customer and partner organizations, and our independence coincides with our single-minded focus on delivering what is best for them."

Google fixed two critical security vulnerabilities in yesterday's 2019-04-01 patch level. According to Bleeping Computer, the issues CVE-2019-2027 and CVE-2019-2028 "are critical vulnerabilities impacting the Media framework which could allow potential remote attackers to make use of specially crafted files 'to execute arbitrary code within the context of a privileged process.'" These vulnerabilities impact all Android 7.0 or later devices, but users should be safe after applying the latest patch.

Canonical released AWS IoT Greengrass as a snap today. The AWS IoT Greengrass software "brings local compute, messaging, data caching, sync, and ML inference capabilities to your IoT device. IoT and embedded developers can now easily install and get started with IoT Greengrass in seconds on an ever-expanding list of Linux distributions. By combining IoT Greengrass as a snap and Ubuntu Core, an IoT-focused OS built entirely from snaps, device manufacturers and system integrators can build an IoT appliance in weeks with no compromise on security and long-term support." You can get the snap here.

Qt 3D Studio 2.3 was released yesterday. This version introduces a new font rendering engine, Variant Tags and several performance improvements. See the Qt 3D Studio documentation page for more details.

04/01/2019   Linux Journal
Penguin Party sticker

Send a self-addressed stamped envelope to the address below to receive free Penguin Party 3"x4" stickers!

Linux Journal

9597 Jones Rd, #331

Houston, TX 77065

USA

03/28/2019   InfoWorld Linux
Being able to run command loops is one of the features of Linux that makes it easy to automate repetitive tasks. In this 2-minute Linux tip, learn about looping -- in scripts and on the command line.
03/25/2019   Virtualization
Kubernetes 1.14 introduces new features and a new process for the open-source container orchestration platform to determine which enhancements will land in upcoming releases.