Linux Journal

AsteroidOS 1.0 Released, Net Neutrality Update, Qt 3D Studio 2.0 Beta Now Available and More

2 months ago

News briefs for May 17, 2018.

AsteroidOS 1.0 is now available. Released yesterday, the open-source operating system for smartwatches is finally available after four years in the works. As posted on the AsteroidOS website, "AsteroidOS is built on standard Linux technologies including OpenEmbedded, opkg, Wayland, Qt5, systemd, BlueZ, and PulseAudio. This makes it the ideal platform to build any sort of wearable project you can imagine. Do you want to run Docker on your watch? AsteroidOS can do it. Do you want to run Quake on your watch? AsteroidOS can do that too. The sky is really the limit! Our community welcomes anyone interested in playing with a smartwatch project."

Yesterday the Senate voted to reverse the net neutrality repeal. As reported by Ars Technica and elsewhere, if the Congressional Review Act "is approved by the House and signed by President Trump, Internet service providers would have to continue following rules that prohibit blocking, throttling, and paid prioritization." If Congress doesn't act, the net neutrality rules expire on June 11.

Qt 3D Studio 2.0 beta was released yesterday. This release includes a new runtime and viewer application, improved data input, editor improvements and more.

Have a release party for openSUSE Leap 15. See the openSUSE page for how you can help the community spread the word, and see the Launch Party Wiki to sign up and add your party to the map. openSUSE Leap 15 launches May 25, 2018.

Linspire Server 2018 was released this week. Linspire Server is based on Ubuntu Server 16.04 and is intended for small to medium-size businesses and schools. It is free to download and use under a self-support license.

News AsteroidOS Embedded Qt openSUSE Linspire
Jill Franklin

Generating Good Passwords, Part I

2 months ago
by Dave Taylor

Dave starts a new method for generating secure passwords with the help of 1Password.

A while back I shared a script concept that would let you enter a proposed password for an account and evaluate whether it was very good (well, maybe "secure" would be a better word to describe the set of tests to ensure that the proposed password included uppercase, lowercase, a digit and a punctuation symbol to make it more unguessable).

Since then, however, I've really been trying personally to move beyond mnemonic passwords of any sort to those that look more like gobbledygook. You know what I mean—passwords like fRz3li,4qDP? that turn out to be essentially random and, therefore, impossible to crack using any sort of dictionary attack.

Aiding me with this is the terrific password manager 1Password. You can learn more about it here, but the key feature I'm using is a combination of having it securely store my passwords for hundreds of websites and having a simple and straightforward password generator feature (Figure 1).

Figure 1. 1Password Password Generation System

If I'm working on the command line, however, why pop out to the program to get a good password? Instead, a script can do the same thing, particularly if I again tap into the useful $RANDOM shortcut for generating random numbers.

Generating Secure Passwords

The easiest way to fulfill this task is to have a general-purpose approach to generating a random element from a specific set of possibilities. So, a random uppercase letter might be generated like this:

uppers="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
letter=${uppers:$(( $RANDOM % 26 )):1}

The basic notational convention used here is the super handy Bash shell variable slicing syntax of:

${variable:startpoint:charcount}

To get the first character only of a variable, for example, you can simply reference it as follows (the start point is counted from zero):

${variable:0:1}

That's easy enough. Instead of a fixed reference number, however, I'm using $(( $RANDOM % 26 )) as a way to generate a value between 0–25 that's different each time.

Add strings that contain all the major character classes you seek and you've got a good start:

lowers="abcdefghijklmnopqrstuvwxyz"
digits="0123456789"
# inside double quotes, the $# in this string expands to the argument count
punct="()./?;:[{]}|=+-_*&^%$#@!~" # skip quotes

To get even fancier, there's another notation ${#variable} that returns the number of characters in a variable, so the following shows that there are 24 characters in that particular string:

Go to Full Article
Dave Taylor

Thunderbird and the Recent #EFAIL Vulnerability, Fedora Urges Users to Update DHCP Packages, Kernel Updates and More

2 months ago

News briefs for May 16, 2018.

Mozilla has come out discouraging folks from disabling encryption within the Thunderbird email client regarding the recent #EFAIL vulnerability. Mozilla is also providing notes on how to best protect yourself.

The Fedora team is pushing its users to update their DHCP packages addressing a recently discovered flaw (CVE-2018-1111). Fixes are available for versions 26, 27, 28 and Rawhide.

Yesterday, Canonical released an official statement regarding the malware discovered in the Ubuntu Snap Store, stating how this always was going to be a challenge since launch and how the company is now committing itself to better security and trust of the published applications.

Earlier this morning, the kernel development team pushed the following updates: 4.16.9, 4.14.41, 4.9.100, 4.4.132 and 3.18.109. See the Linux Kernel Archives website for more information.

News Security Mozilla Thunderbird Fedora DHCP Canonical kernel
Petros Koutoupis

Speeding Up Netfilter (by Avoiding Netfilter)

2 months ago
by Zack Brown

Imre Palik tried to speed up some of Linux's networking code but was met with stubborn opposition. Essentially, he wanted networking packets to bypass the netfilter code unless absolutely necessary. Netfilter, he said, was designed for flexibility at the expense of speed. According to his tests, bypassing it could speed up the system by as much as 15%.

Netfilter is a piece of infrastructure that gives users a tremendous amount of power and flexibility in processing and restricting networking traffic. Imre's idea was that if the user didn't want to filter network packets, the netfilter code shouldn't even be traversed. He therefore wanted to let users disable netfilter for any given firewall that didn't need it.

There was some initial interest and also some questions about how he'd calculated his 15% speed increase. Florian Westphal tried to reason out where the speedup might have come from. But David S. Miller put his foot down, saying that any speedup estimates were just guesses until they were properly analyzed via perf.

David absolutely refused to apply networking patches without a more reliable indication that they would improve the situation.

Imre explained his testing methods and asserted that they seemed sound to him. But Pablo Neira Ayuso felt that Imre's approach was too haphazard. He said there needed to be a more generic way to do that sort of testing.

David was completely unsatisfied by Imre's tests. Instead of trying to work around netfilter, even in cases where there were no actual filters configured, he said, the proper solution was to speed up netfilter so it wouldn't be necessary to bypass it. David said, "We need to find a clean and generic way to make the netfilter hooks as cheap as possible when netfilter rules are not in use."

David Woodhouse, on the other hand, felt that a 15% speedup was a 15% speedup, and we shouldn't look a gift horse in the mouth.

But, David M stood firm. The netfilter hooks were the fundamental issue, he said, and "I definitely would rather see the fundamental issue addressed rather than poking at it randomly with knobs for this case and that."

David W and others started hunting around for ways to satisfy David M without actually recoding the netfilter hooks. David W suggested having the hooks disable themselves automatically if they detected that they wouldn't be useful.

Go to Full Article
Zack Brown

Cooking with Linux (Without a Net)

2 months 1 week ago

It's Tuesday, and it's time for Cooking With Linux (without a net) where I do some live Linuxy and open source stuff, live, on camera, and without the benefit of post video editing therefore providing a high probability of falling flat on my face. Today, we're going back to WSL and trying to run X Windows and we're going to take a Linux distribution most people have never heard of out for a spin.

Cooking with Linux
Marcel Gagné

GSConnect, Mozilla Firefox 61, Scientific Linux 7.5, GNOME and Nautilus

2 months 1 week ago

News briefs for May 15, 2018.

It seems like the next Ubuntu release (18.10) may support Android devices out-of-box via a utility called GSConnect. This is similar to KDE Connect. Transfer files, receive notifications, and more.

The Mozilla team has been hard at work to address all of the known problems plaguing their bookmark sync functionality. A new engine has been developed to address these issues which landed in the latest Nightly build.

Speaking of Mozilla, Firefox 61 beta 6 will be available for testing on May 18.

Based on Red Hat Enterprise Linux 7.5, Scientific Linux 7.5 is now officially released.

According to a recent commit, the GNOME team is removing the ability to launch binary applications from within Nautilus. Note that this only affects the file manager and nothing else.

News
Petros Koutoupis

Everything You Need to Know about the Cloud and Cloud Computing, Part II: Using the Cloud

2 months 1 week ago
by Petros Koutoupis

How to get started with AWS, install Apache, create an EFS volume and much more.

The cloud is here to stay, regardless of how you access data day to day. Whether you are uploading and sharing new photos with friends in your social-media account or updating documents and spreadsheets alongside your peers in your office or school, chances are you're connecting to the cloud in some form or another.

In the first part of this series, I explored what makes up the cloud and how it functions when all of its separate moving pieces come together. In this article, building from Part I's foundations, I cover using the cloud through some actual examples.

Getting Started with AWS

For the purposes of this article, I'm focusing on a few of the top offerings provided by Amazon Web Services (AWS). Please know that I hold no affiliation to or with Amazon, nor am I stating that Amazon offerings exceed those of its competitors.

If you haven't already, be sure to register an account. But before you do, understand that charges may apply. Amazon may provide a free tier of offerings for a limited time, typically a year, to newly registered users. In most cases, the limitations to these offerings are far less than ideal for modern use cases. It is a pay-as-you-go model, and you'll be charged only as long as the instance or service continues to be active.

As soon as you are registered and logged in from within your web browser, you'll be greeted by a fairly straightforward dashboard.

Figure 1. The AWS Main Dashboard of services and resources.

Compute

At first, companies leveraging cloud compute applied a straight copy-and-paste of their very own data centers for deploying standard web/application/database servers. The model was the same. There is nothing wrong with that approach. The transition for most converting from on-premises to the cloud would have been somewhat seamless—at least from the perspective of the user accessing those resources. The only real difference being that it was just in a different data center and without the headache of maintaining the infrastructure supporting it.

In the world of AWS, virtual compute servers are managed under the Elastic Cloud Computing (EC2) stack, from whole virtual instances to containers and more. Let's begin an example EC2 experiment by navigating to the EC2 dashboard.

Figure 2. The Elastic Cloud Computing Dashboard

Go to Full Article
Petros Koutoupis

WineHQ, Malware in Ubuntu Snap Store, Linux Kernel 4.17, Hardware Security Updates to Android, PGP and S/MIME Vulnerabilities

2 months 1 week ago

News briefs for May 14, 2018.

Late last week, the team over at WineHQ announced the release of version 3.8, containing bug fixes alongside a few feature enhancements.

It has been revealed that malware masquerading as a systemd package is hiding in plain sight over at the Ubuntu Snap Store. Know your sources and always be cautious when installing third-party applications. This is true regardless of the operating system.

Linux kernel 4.17 release candidate 5 has officially landed. It is mostly packed with driver updates.

Here is a bit of good news for Android users: presented at Google I/O 2018, Google may start forcing hardware manufacturers to push security updates on a more regular basis.

Attention PGP and S/MIME users: new vulnerabilities have been revealed that require immediate updates. Those who are immediately affected are the ones relying on such decryption tools for e-mail communication.

News
Petros Koutoupis

Smart-Home Lightning Hacks

2 months 1 week ago
by Shawn Powers

Home automation should make life simpler, not more complex!

Kyle Rankin occasionally uses the "lightning hacks" format for his Hack and / LJ column when he has a bunch of neat topics to cover that wouldn't be enough for a complete article on their own. Thinking along those lines for this article, I figured it would be great to cover various home-automation stuff I do. Not only is it fun to share ideas, but if I make a list of all the cool things I'm currently doing, it will make it easier to compare the functionality of open-source options I'd like to explore next. If you haven't been dipping your toes into the world of home automation, maybe some of these hacks will change your mind.

My Setup

Most home-automation ideas can be implemented in multiple ways. In fact, I'm counting on that as I look into less-proprietary methods in the near future. But right now, I'm using a Samsung SmartThings hub. Yes, it is proprietary, but Samsung really has opened up the API and allowed developers to create device drivers and apps to customize the platform. I think SmartThings is the most feature-complete solution for home automation right now, but it does have a few frustrations. The most annoying is that it requires a constant connection to the internet in order to function. Most folks are frustrated with the inherent privacy concerns of home automation taking place in the cloud, and that's a big problem. For me, the more frustrating aspect is the effect shoddy internet service has on a home. If the internet goes down, so does 90% of my house! I have a few workarounds, but I know that a solid (not fast) internet connection is vital if your solution is cloud-based like SmartThings.

Anyway, my setup consists of the following:

  • Samsung SmartThings Hub v2.
  • Amazon Echo devices all over the house.
  • Google Home devices all over the house.
  • Sonos speakers in most rooms.
  • Various lights, switches, sensors and so on.

Having both Amazon Echo and Google Home isn't something I encourage; it's just that I have a habit of trying new technology, and they are both so amazing, I haven't yet chosen one over the other. Thankfully, they're pretty happy to function together.

Hack 1: the Mailman Detector

In my home, my office is all the way at the back of the house. In most homes, that's not a big deal, but in my case, my office is purposefully separate from the main living area so that when I'm recording videos, the house sounds don't interrupt. During the day, I'm usually home working alone, so I never know if a package has been delivered. The mailman could kick the front door down, and I'd never hear it in my office. My solution was to install a doorbell with a label about my office being all the way in the back (Figure 1), but sadly, most delivery folks just drop and run. So I decided to automate.

Go to Full Article
Shawn Powers

Gnome Login Screen Redesign, CentOS Update, VirtualBox, Mender Team and IoT

2 months 1 week ago

News briefs for May 11, 2018.

In GNOME-related news, version 3.28.2 officially landed sporting the infamous memory leak fix and much more. The project is now shifting its focus to 3.30.

While on the topic of GNOME and the future of the desktop environment, a lot of work has been invested in redesigning the login screen. So far, things are looking pretty slick...

The CentOS project just released version 7 1804, which is the free spin of Red Hat Enterprise Linux 7.5.

Oracle recently announced the availability of VirtualBox 5.2.12. This latest update includes support for the Linux 4.17 kernel, alongside your typical bug fixes.

Recently launched, the Mender team is providing Linux IoT users with an automated SaaS to update and manage their devices, all OTA. Be sure to check them out.

News
Petros Koutoupis

Is It Linux or GNU/Linux?

2 months 1 week ago
by Christine Hall

After putting this question to the experts, the conclusion is that no matter what you call it, it's still Linux at its core.

Should the Linux operating system be called "Linux" or "GNU/Linux"? These days, asking that question might get as many blank stares returned as asking, "Is it live or is it Memorex?"

Some may remember that the Linux naming convention was a controversy that raged from the late 1990s until about the end of the first decade of the 21st century. Back then, if you called it "Linux", the GNU/Linux crowd was sure to start a flame war with accusations that the GNU Project wasn't being given due credit for its contribution to the OS. And if you called it "GNU/Linux", accusations were made about political correctness, although operating systems are pretty much apolitical by nature as far as I can tell.

The brouhaha got started in the mid-1990s when Richard Stallman, among other things the founder of the Free Software Movement who penned the General Public License, began insisting on using the term "GNU/Linux" in recognition of the importance of the GNU Project to the OS. GNU was started by Stallman as an effort to build a free-in-every-way operating system based on the still-not-ready-for-prime-time Hurd microkernel.

According to this take, Linux was merely the kernel, and GNU software was the sauce that made Linux work.

Noting that the issue seems to have died down in recent years, and mindful of Shakespeare's observation on roses, names and smells, I wondered if anyone really cares anymore what Linux is called. So, I put the issue to a number of movers and shakers in Linux and open-source circles by asking the simple question, "Is it GNU/Linux or just plain Linux?"

"This has been one of the more ridiculous debates in the FOSS realm, far outdistancing the Emacs-vi rift", said Larry Cafiero, a longtime Linux advocate and FOSS writer who pulls publicity duties at the Southern California Linux Expo. "It's akin to the Chevrolet-Chevy moniker. Technically the car produced by GM is a Chevrolet, but rarely does anyone trot out all three syllables. It's a Chevy. Same with the shorthand for GNU/Linux being Linux. The shorthand version—the Chevy version—is Linux. If you insist in calling it a Chevrolet, it's GNU/Linux."

Next up was Steven J. Vaughan Nichols, who's "been covering Unix since before Linux was a grad student". He didn't mince any words.

"Enough already", he said. "RMS tried, and failed, to create an operating system: Hurd. He and the Free Software Foundation's endless attempts to plaster his GNU name to the work of Linus Torvalds and the other Linux kernel developers is disingenuous and an insult to their work. RMS gets credit for EMACS, GPL, and GCC. Linux? No."

Go to Full Article
Christine Hall

Firefox Quantum, Bcachefs, Ubuntu, Devuan 2.0

2 months 1 week ago

News briefs for May 10, 2018.

It is here: Firefox 60 "Quantum" is available for download! Now with Client Side Decorations (CSD) and much more!

And development for Firefox 61 has already begun.

Kent Overstreet of Bcache, and now Bcachefs, is working to push patches for Bcachefs upstream and into the Linux kernel. Bcachefs is an advanced Linux COW filesystem that boasts a lot of the features used by ZFS and Btrfs.

It would seem that the main Ubuntu distribution may not be the only *buntu to drop support for 32-bit x86 (i386) architectures. A proposal has just been put forth by Bryan Quigley to drop 32-bit support for Lubuntu, Xubuntu, Kylin and Kubuntu.

While the beta for Devuan 2.0 ASCII (a Debian fork without systemd) landed back in February, yesterday marked the availability of the first official release candidate.

News
Petros Koutoupis

Read-Only Memory

2 months 1 week ago
by Zack Brown

Igor Stoppa posted a patch to allow kernel memory pools to be made read-only. Memory pools are a standard way to group memory allocations in Linux so their time cost is more predictable. With Igor's patch, once a memory pool was made read-only, it could not be made read-write again. This would secure the data for good and against attackers. Of course, you could free the memory and destroy the pool. But short of that, the data would stay read-only.

There was not much controversy about this patch. Kees Cook felt that XFS would work well with the feature. And, having an actual user would help Igor clarify the usage and nail down the API.

This apparently had come up at a recent conference, and Dave Chinner was ready for Igor's patch. He remarked, "we have a fair amount of static data in XFS that we set up at mount time and it never gets modified after that. I'm not so worried about VFS level objects (that's a much more complex issue) but there is a lot of low hanging fruit in the XFS structures we could convert to write-once structures."

Igor said this was exactly the kind of thing he'd had in mind.

A bunch of folks started talking about terminology and use cases, and speculating on further abilities. No one had any negative comment, and everyone was excited to get going with it.

The thing about a patch like this is that people can use the feature or not. It helps them with security, or it costs them nothing. It adds an ability but adds no complexity to the code. Unless something weird happens, I'd expect this patch to go into the kernel as soon as the API stabilizes.

Note: If you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.

Go to Full Article
Zack Brown

OpenShift, IBM Cloud, Azure, Linux apps on Chrome OS, Twitter, Serious Flaw on AMD and Intel x86 CPUs

2 months 1 week ago

Red Hat has been making headlines with the recent announcement that they will be teaming up with IBM to integrate OpenShift (Red Hat’s commercial Kubernetes offering) into IBM’s Cloud to help accelerate container adoption.

At the same time, Red Hat expanded beyond IBM and is now also working with Microsoft to provide the same OpenShift platform to Azure.

It is now official: Google announced during the Google I/O summit that Project Crostini is making it possible for users to install Linux applications on Chrome OS via DEB files (from Debian Stretch). This is on top of the already integrated support for Android apps.

A serious flaw was recently discovered affecting all major operating systems running on AMD and Intel x86 CPUs. The vulnerability was exposed by developers misinterpreting debug documentation provided by the chip manufacturers, which allows an authenticated attacker the ability to read sensitive data in memory and more. These same major operating systems are already rolling out patches to address this issue. Be sure to update your distribution.

In an effort to increase user security, Twitter may start including an encrypted direct messaging feature for their Android app. This was observed by Jane Manchun Wong as she started to dig through the code.

News
Petros Koutoupis

Everything You Need to Know about the Cloud and Cloud Computing, Part I

2 months 1 week ago
by Petros Koutoupis

An in-depth breakdown of the technologies involved in making up the cloud and a survey of cloud-service providers.

The cloud has become synonymous with all things data storage. It additionally equates to the many web-centric services accessing that same back-end data storage. But the term also has evolved to mean so much more.

Cloud computing provides more simplified access to server, storage, database and application resources, with users provisioning and using the minimum set of requirements they see fit to host their application needs. In the past decade alone, the paradigm shift toward a wider and more accessible network has forced both hardware vendors and service providers to rethink their strategies and cater to a new model of storing information and serving application resources. As time continues to pass, more individuals and businesses are connecting themselves to this greater world of computing.

What Is the Cloud?

Far too often, the idea of the "cloud" is confused with the general internet. Although it's true that various components making up the cloud can be accessible via the internet, they are not one and the same. In its most general terms, cloud computing enables companies, service providers and individuals to provision the appropriate amount of computing resources dynamically (compute nodes, block or object storage and so on) for their needs. These application services are accessed over a network—and not necessarily a public network. Three distinct types of cloud deployments exist: public, private and a hybrid of both.

The public cloud differentiates itself from the private cloud in that the private cloud typically is deployed in the data center and under the proprietary network using its cloud computing technologies—that is, it is developed for and maintained by the organization it serves. Resources for a private cloud deployment are acquired via normal hardware purchasing means and through traditional hardware sales channels. This is not the case for the public cloud. Resources for the public cloud are provisioned dynamically to its user as requested and may be offered under a pay-per-usage model or for free.

Some of the world's leading public cloud offering platforms include:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform
  • IBM Cloud (formerly SoftLayer)

As the name implies, the hybrid model allows for seamless access and transitioning between both public and private deployments, all managed under a single framework.

For those who prefer either to host their workload internally or partially on the public cloud—sometimes motivated by security, data sovereignty or compliance—private and hybrid cloud offerings continue to provide the same amount of service but all within your control.

Using cloud services enables you to achieve the following:

Go to Full Article
Petros Koutoupis

SUSE's OpenStack Cloud 8 and SUSE-Ready Certification for SUSE CaaS, Cosmic Cuttlefish, Android Things and More

2 months 2 weeks ago

News briefs for May 8, 2018.

SUSE's OpenStack Cloud 8 made its debut last week. This is the "first release to integrate the best of SUSE OpenStack Cloud and HPE OpenStack technology, which was acquired by SUSE last year". Other enhancements include "greater flexibility for customers with full support for OpenStack Ironic", "expanded interoperability with new support for VMware NSX-V", "enhanced scalability to support large deployments" and more.

In other news from SUSE, the company announced recently that its SUSE-Ready Certification for SUSE CaaS is now available for partners' containerized apps: "ISVs building containers that use the open source docker container format can now certify their containerized application on SUSE CaaS Platform, an enterprise-class container management solution that enables IT and DevOps professionals to more easily deploy, manage and scale container-based applications and services."

Mark Shuttleworth announced that Ubuntu 18.10 will be called Cosmic Cuttlefish. He also stressed that he is focusing on security, saying "If I had one big thing that I could feel great about doing, systematically, for everyone who uses Ubuntu, it would be improving their confidence in the security of their systems and their data."

Android Things, "Google's managed OS that enables you to build and maintain Internet of Things devices at scale", released version 1.0 to developers yesterday. See the release notes for all the details.

Red Hat Summit 2018 begins today in San Francisco. You can livestream the keynotes and press conference for free. See here for all the details.

News SUSE OpenStack Ubuntu Android Google Containers Security IOT Red Hat
Jill Franklin

The Road Less Traveled: Certifications Can Chart a Great Career in Linux and Open Source

2 months 2 weeks ago
by Taz Brown

Taz Brown writes about the challenges of a career in IT and her goals of helping to increase diversity in the field and bring Linux to urban education.

The year is now 2018, and the world has changed tremendously in so many ways. One thing that's changed significantly is the way we learn and the way we demonstrate that knowledge. No longer is a college degree enough, particularly in the area of Information Technology (IT). Speak to two technologists about how they paved their way in the field, and you will get, oftentimes, completely different stories.

It's one of the things I like most about IT. You often can work with many different people with varying experiences, backgrounds and stories about how they came to enter the field, and one of the most common paths to IT is through certifications.

My path to IT could and would not have happened without certifications. First, my college degree was not in any tech or computer science concentration or track. I did not begin my career in IT, and therefore, gaining the knowledge I needed to enter the field began and continues with certifications. Now, this is not to say that I did not need to gain practical experience in order to be able to do the job, but had I only had practical experience and no certifications, I likely wouldn't have attracted the recruiters that I did.

I started with some CompTIA certifications like A+ and Network+, and Microsoft certs like the MCSA, focusing on Windows 7 and Windows Server. So after putting in 25–30 hours a week studying and practicing—and this was all with just a laptop, mind you—I obtained those certifications. But after getting those certifications, I wanted more—more knowledge and skills, that is. I was able to obtain a job in IT on the HelpDesk, and after a few years, and a few more certifications, I became a Systems Administrator.

So fast-forward ten years, and I am now a Sr. Linux Systems Engineer. I moved into the field of Linux about five years ago, because I saw a trend that I could not resist—a niche market. And, it has paid off, but with advancing my career came the need yet again to prove myself, and so I have been focused on the Red Hat track of certification for the last few years.

I have some Linux certifications, but the ones that have been the most important to me at this stage in my career are those from Red Hat. I currently possess the RHCSA (Red Hat Certified Systems Administrator), and for the last few months, I've been preparing to take and pass the RHCE (Red Hat Certified Engineer). My ultimate goal is to obtain the RHCA (Red Hat Certified Architect).

Go to Full Article
Taz Brown

Android Privacy Fix, New Brigade Python Automation Framework, the "Cookidoo" Digital Recipe IoT Environment Based on Red Hat Solutions and More

2 months 2 weeks ago

News briefs for May 7, 2018.

Red Hat announced today that Vorwerk, a 130-year-old company that makes appliances, carpets, cosmetics and more, is launching a new IoT environment based on Red Hat solutions. Cookidoo is a digital recipe ecosystem "containing an IoT environment with multicloud support to integrate more than 1.5 million of its IoT devices. Cookidoo can be accessed directly via Thermomix, an advanced, multifunctional kitchen appliance, using the Cook-Key accessory."

Unity 2018.2 beta is now available. With this release, the cross-platform game engine now has Vulkan support for both Windows and Linux. Other improvements include package manager updates, texture mipmap streaming, a real-world physical camera model and more. See the Unity Blog for more info. (Source: Phoronix.)

Google recently open-sourced Seurat, "a tool designed to reduce complexity in high-fidelity mobile VR scenes, improving performance considerably". In other words, "Seurat takes all of the possible viewpoints that a VR user may have given their limited range of movement and removes the area of the 3D environment that they'd never be able to see."

There's a new automation framework called Brigade, which is written in Python. According to the Networklore post, "You could describe it as the automation framework for Pythonistas. This might strike you as something wonderful, or it could trigger your spider-sense. Writing code? Isn't that just for programmers?"

Android P is finally addressing a privacy issue by restricting apps from monitoring your network activity (although this only affects apps that target Android P). xda reported yesterday that currently, "apps on Android can gain full access to the network activity on your device—even without asking for any sensitive permissions. These apps can't detect the content of your network calls, but they can sniff any outgoing or incoming connection via TCP/UDP to determine if you are connecting to a certain server."

Jill Franklin

Developing Console Applications with Bash

2 months 2 weeks ago
by Andy Carlson

Bring the power of the Linux command line into your application development process.

As a novice software developer, the one thing I look for when choosing a programming language is this: is there a library that allows me to interface with the system to accomplish a task? If Python didn't have Flask, I might choose a different language to write a web application. For this same reason, I've begun to develop many, admittedly small, applications with Bash. Although Python, for example, has many modules to import and extend functionality, Bash has thousands of commands that perform a variety of tasks, including string manipulation, mathematical computation, encryption and database operations. In this article, I take a look at these features and how to use them easily within a Bash application.

Reusable Code Snippets

Bash provides three features that I've found particularly useful when creating reusable functions: aliases, functions and command substitution. An alias is a command-line shortcut for a long command. Here's an example:

alias getloadavg='cat /proc/loadavg'

The alias for this example is getloadavg. Once defined, it can be executed like any other Linux command. In this instance, the alias will dump the contents of the /proc/loadavg file. Something to keep in mind is that this is a static command alias. No matter how many times it is executed, it always will dump the contents of the same file. If there is a need to vary the way a command is executed (by passing arguments, for instance), you can create a function. A function in Bash works the same way as a function in any other language: arguments are evaluated, and commands within the function are executed. Here's an example function:

getfilecontent() {
    # Quote "$1" so a path containing spaces stays a single argument
    if [ -f "$1" ]; then
        cat "$1"
    else
        echo "usage: getfilecontent "
    fi
}

This function declaration defines the function name as getfilecontent. The if/else statement checks whether the file specified as the first function argument ($1) exists and is a regular file. If it does, the contents of the file are output. If not, usage text is displayed. Because of the incorporation of the argument, the output of this function will vary based on the argument provided.
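The following is an added example, not code from the article: it runs an unquoted and a quoted variant of a function of this shape against a file name containing a space and against an empty argument. The names show_unquoted and show_quoted, the usage strings and the sample file are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and the sample file are constructed.

# Unquoted form: $1 is word-split, and vanishes entirely when empty.
show_unquoted() {
  if [ -f $1 ] 2>/dev/null; then
    # stdin is redirected so that a bare `cat` cannot wait for input
    cat $1 </dev/null 2>/dev/null
  else
    echo "usage: show_unquoted FILE"
  fi
}

# Quoted form: "$1" stays one word, even when empty or containing spaces.
show_quoted() {
  if [ -f "$1" ]; then
    cat -- "$1"
  else
    echo "usage: show_quoted FILE" >&2
    return 1
  fi
}

# Constructed sample input: a file whose name contains a space.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
sample="$workdir/load avg.txt"
printf '0.10 0.20 0.30\n' > "$sample"

# Case 1: existing file with a space in its name.
# Unquoted: the test sees two words, fails, and the usage text is printed.
space_unquoted=$(show_unquoted "$sample")
# Quoted: the file is found and its contents are returned.
space_quoted=$(show_quoted "$sample")

# Case 2: empty argument.
# Unquoted: the test collapses to `[ -f ]`, which is true, so `cat` runs
# with no file at all and nothing is reported.
empty_unquoted=$(show_unquoted "")
# Quoted: `[ -f "" ]` is false, so the usage text is printed.
empty_quoted=$(show_quoted "" 2>&1) || true

printf 'space/unquoted: %s\n' "$space_unquoted"
printf 'space/quoted:   %s\n' "$space_quoted"
printf 'empty/unquoted: [%s]\n' "$empty_unquoted"
printf 'empty/quoted:   %s\n' "$empty_quoted"
```

Without the stdin redirect, the empty-argument call to the unquoted form would sit waiting on the terminal instead of printing usage text.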

The final feature I want to cover is command substitution. This is a mechanism for reassigning output of a command. Because of the versatility of this feature, let's take a look at two examples. This one involves reassigning the output to a variable:

Andy Carlson

Weekend Reading: Qubes

2 months 2 weeks ago
by Carlie Fairchild

Qubes OS is a security-focused operating system that, as tech editor Kyle Rankin puts it, "is fundamentally different from any other Linux desktop I've used". Join us this weekend in reading Kyle's multi-part series on all things Qubes.

Secure Desktops with Qubes: Introduction

In this first article, I provide an overview of what Qubes is, some of the approaches it takes that are completely different from what you might be used to on a Linux desktop and some of its particularly interesting security features. In future articles, I'll give more how-to guides on installing and configuring it and how to use some of its more-advanced features.

Secure Desktops with Qubes: Installation

This is the second in a multipart series on the Qubes operating system. In my first article, I gave an overall introduction to Qubes and how it differs from most other desktop Linux distributions, namely in the way it focuses on compartmentalizing applications within different VMs to limit what attackers have access to in the event they compromise a VM. This allows you to use one VM for regular Web browsing, another for banking and a different one for storing your GPG keys and password manager. In this article, I follow up with a basic guide on how to download and install Qubes, along with a general overview of the desktop and the various default VM types.

Secure Desktops with Qubes: Compartmentalization

This is the third article in my series about Qubes. In the first two articles, I gave an overview about what Qubes is and described how to install it. One of the defining security features of Qubes is how it lets you compartmentalize your different desktop activities into separate VMs. The idea behind security by compartmentalization is that if one of your VMs is compromised, the damage is limited to just that VM.

Secure Desktops with Qubes: Extra Protection

Carlie Fairchild