linux

Found 40gig hard while sifting through some old pc's and found linux.

Check for Bitcoins :)

What is the interesting story here? What is the noteworthiness? Why did you post this? All I am seeing is a linux mint install on a moderately old 40GB hdd. Why is this getting upvotes?

rm: cannot remove 'rf' : No such file or directory

I know a guy who knows he has more than ten.

On a thumb drive.

Somewhere.

bcachefs needs more guinea pigs!

https://bcachefs.org/

You might not guess it from the website, since I hate working on websites, or updates, or anything like that... but bcachefs development has been continuing steadily along, lots of polishing and fixing bugs.

And I'm actually running out of bugs to fix! Which means in order to keep making progress on truly making it rock solid, I need help from more users running it and trying to break it.

So... give it a shot, and I'd love to hear people's experiences with it.

How does bcachefs handle power cuts or other similar incidents? What's the likelihood it doesn't mount or corrupts data?

Not currently - I've got a patch to some core VFS code to add some locking. But, I was recently told the VFS developers are actually working on a better solution, so if that goes in there shouldn't be any real obstacles to making it dkms-able.

It's going to be hard to get more testers if it means booting a specific kernel :|

How far off is mainlining? If things have stabilized what do you want to have hammered out before the mainlining process starts?

Red Hat to Acquire CoreOS

RedHat is one of the few companies that I'm almost always happy with when they acquire another company. They always seem to make things more open (like with Ansible Tower)

Great! RedHat is doing an amazing job with Project Atomic, and sharing efforts with CoreOS sounds epic.

It's not though. It blows my mind that in 2018 people are still bitching about selinux.

Want a solution to make SELinux easy peasy? Install policycoreutils-python on your centos/rhel boxes. Run the following command when you hit something not working:

grep denied /var/log/audit/audit.log | audit2why

Boom, the script tells you what the issue is, what's causing it, and the exact commands to fix the issue. setsebool and restorecon one-liners and you're off to the races.

This blows my mind that people don't do this. Wrote a custom app with thousands of lines of code and you have no idea how to debug selinux for it? Here you go. Permissive mode with logging, run the app, do your tests, then feed the data into audit2why and establish your rules.

2018, people. Stop disabling SELinux and learn to use it.

For example, I just rolled out BookStack which has 0 selinux documentation, and their "official" centos guide uses old ass php and disables selinux and the firewall. Ridiculous! It took two selinux commands copied from audit2why output to get it working and 30 seconds to add a firewall-cmd rule.

/rant
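
The workflow in the comment above (permissive mode, exercise the app, then review the denials) tends to produce many repeated AVC lines. As an added example, not part of the original comment, this collapses them into one line per distinct denial before they go to audit2why; the log lines are constructed samples and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample lines in audit.log AVC format (not from a real host).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1517400001.101:411): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1517400001.101:411): arch=c000003e syscall=42 success=yes exit=0 comm="php-fpm"
type=AVC msg=audit(1517400002.222:412): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="uploads" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1517400003.333:413): avc:  denied  { name_connect } for  pid=2150 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# Collapse AVC denials read from stdin into unique
# (comm, source type, target type, class, permissions) tuples with a hit
# count, so each distinct denial is reviewed once. Fields are split on
# whitespace, so a comm value containing spaces is not handled.
summarize_avc() {
  awk '
    function field(key,   i) {              # value of key=... on this line
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) return substr($i, length(key) + 2)
      return "-"
    }
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /type=AVC/ && /denied/ {
      perms = $0                             # keep only the text inside { }
      sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      gsub(/ /, ",", perms)
      comm = field("comm"); gsub(/"/, "", comm)
      key = comm " " setype(field("scontext")) " " setype(field("tcontext")) \
            " " field("tclass") " " perms
      count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}
```

On a real host, feed it the same input as the command above: `grep denied /var/log/audit/audit.log | summarize_avc`.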

It appears that Redhat is looking to utterly dominate Kubernetes and container technology.

There is a lot of CoreOS that is slick as shit. Its stripped-down version of cloud-init is fantastic. Etcd is a rock solid key-value store for configuration data.

Also the amount of systemd that CoreOS leveraged for clustering and configuration was an extremely good move. Made having a large number of CoreOS systems a breeze to manage.

Project Atomic is Redhat's answer to CoreOS and it's generally inferior except for its use of OSTree and Cockpit. That's not to say that Atomic is that bad, it just has a lot more baggage than CoreOS does.

Hopefully this also means that CoreOS people will work closer with Redhat/Gnome/et al to create a container image format standard that will rival Docker and allow containers to become a core universal feature.

This might interest Linux users as well: The Ultimate Oldschool PC Font Pack

aur/oldschool-pc-fonts aur/the-ultimate-oldschool-pc-fonts aur/ttf-oldschool-pc-fonts

Available in three different AUR packages, for some reason.

Well that's community repo in a nutshell :)

"licensed under a Creative Commons Attribution-ShareAlike 4.0 International License" -- https://int10h.org/oldschool-pc-fonts/readme/#legal_stuff

:-)

Also have a look at 3270font. It's closely based on the font from the classic IBM terminal of the same name, but it's actually a modern vector font that will look good at any resolution.

Ubuntu 18.04 LTS to use Xorg by default

It's a good decision. They can always switch it around when 18.10 comes out.

3 is by far the biggest issue with gnome shell under Wayland. Losing your entire session if gnome shell crashes is a big deal breaker.

As if the inability to use standard enterprise software like Hangouts, Skype, RDP or VNC is not a huge deal breaker.

Regardless, I think it's hilarious that with all the constant shower of praise that Wayland gets, and all the tall words about how Xorg is terrible because it's old, people consistently fail to mention that whenever gnome-shell crashes it takes the whole session down with it!

Not fanboyism here, none whatsoever! No siree... /s :D

I wonder if KDE shows the same behavior.

I agree. I've been using Ubuntu 17.10 on my home laptop and there are too many complete GUI lockups for comfort. It also gives the screensharing programs another 2 years to support Wayland.

Off and On Again: The story of KDE Plasma's desktop icons; 5.12 improvements

The real gem in this article is this one:

A telling sign in hindsight, many distributions reneged on our decision and turned icons on for their users anyway. And yet we had decided to throw the switch upstream; what next?

Next time a disruptive UI/UX engineer passionate about shaping the user experience of the future serves you their usual "users don't know what they want" and "clean, honest interface" bullshit, show them this.

And this mentality is why KDE will never overtake GNOME.

Does the KDE project intend to do this at all?

Sorry that you are incapable of understanding that more is not better.

Less is not necessarily better too. With Plasma, I find the balance between the two extremes quite good, since most of the functions are easy to activate or deactivate.

Oh yeah I remember when they removed system tray and their suggestion was to use an extension (TopIcons-plus) which is now unmaintained https://github.com/phocean/TopIcons-plus.

This is a case study of why I left gnome.

All the Computers of the University of applied Sciences in Hannover (Ger) run on Linux

I think most universities are.. and have done for decades.. You should see what research facilities, science labs and industry are running then. There is custom made unix/linux software out there you haven't even heard of and never will as a regular consumer.

I think most universities are..

Mwahahahahahha

In Germany? Hell no!

Same thing in Hochschule Augsburg. All the PCs here run Debian. Runs like a charm.

One of our professors demanded to use linux for his course and told the IT to set it up. They set up a VMware with ubuntu and the software we needed, but it was a pain to set it up properly with some hardware then. It was a fun task to keep a bluetooth connection stable when windows decides to kick it every 2 minutes, fun times.

I wish the whole university had linux to work with instead of windows. And it was also in germany.

Project Zero: Reading privileged memory with a side-channel

Linus is already roasting Intel: https://www.spinics.net/lists/kernel/msg2688875.html.

If you can sleep tonight, you don't really understand the problem this class of bugs presents.

But I'm really tired tho

https://www.spinics.net/lists/kernel/msg2688904.html

This email is pretty savage too. LOL

Today's CPU vulnerability: what you need to know

Here is the 411 on this:

https://meltdownattack.com/

Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

Which systems are affected by Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.

What is the difference between Meltdown and Spectre?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion we refer to the papers (Meltdown and Spectre).

Is there a workaround/fix?

There are patches against Meltdown for Linux (KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

Which cloud providers are affected by Meltdown?

Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.

Why is it called Meltdown?

The bug basically melts security boundaries which are normally enforced by the hardware.

Why is it called Spectre?

The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.
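
Recent Linux kernels report per-issue mitigation status under /sys/devices/system/cpu/vulnerabilities, which is a quick way to see whether the patches mentioned above are active; older kernels lack these files. This added example (not from the quoted FAQ) reads them; the function name is hypothetical, and the directory argument exists only so it can be run against constructed sample files.

```shell
#!/usr/bin/env bash
# Report Meltdown/Spectre status as exposed by the kernel in sysfs.
# $1 (assumption, for testing): directory to read instead of the real path.
# Returns 1 if any issue reads "Vulnerable", 2 if a file is missing
# (older kernel, status unknown), 0 otherwise.
cpu_vuln_status() {
  local dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
  local name state vulnerable=0 unknown=0
  for name in meltdown spectre_v1 spectre_v2; do
    if [ -r "$dir/$name" ]; then
      # File content is a single line such as "Mitigation: PTI",
      # "Not affected" or "Vulnerable".
      state="$(head -n1 "$dir/$name")"
    else
      state="unknown (no sysfs entry)"
      unknown=1
    fi
    case "$state" in
      Vulnerable*) vulnerable=1 ;;
    esac
    printf '%-11s %s\n' "$name" "$state"
  done
  if [ "$vulnerable" -eq 1 ]; then return 1; fi
  if [ "$unknown" -eq 1 ]; then return 2; fi
  return 0
}
```

Call `cpu_vuln_status` with no argument on the host being checked.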

The PTI patch (that AMD was saying didn't apply to them) only mitigates Meltdown. Spectre applies to AMD, Intel, and ARM and is not shut down by PTI.

How was it misleading or passive aggressive? It specifically stated what it did not need mitigations against, nothing more nothing less.

I think you got caught up in the hype.

Oh crap.

Here are the two attacks in short:

Spectre lets an attacker whose code runs in an application's context (for example Javascript in a browser) read the application's memory - mitigation needs every bytecode interpreter and JIT compiler tested and potentially patched, on CPUs from multiple vendors

Meltdown lets an unprivileged program read privileged memory mapped somewhere in its address space - so far only made to work on Intel CPUs, mostly mitigated by mapping as little privileged memory as possible

"AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against"

Intel CPUs have a really scary hardware security bug. It is possible to block exploitation of this bug in software (the kernel), but there is a 5-50% performance penalty. AMD CPUs do not have this flaw, and therefore users of AMD CPUs shouldn't have to pay the performance penalty for the software fix. This disables the software fix for AMD CPUs.

Pretty savage commit by AMD. Intel having a bad 2017 and 2018

What's this mean for someone who doesn't know what this means?

Keep in mind that is an estimation, and an edge case of the estimation.