Linus Torvalds Says Things Look Pretty Normal for Linux 5.0, Releases Second RC

Linux creator Linus Torvalds announced today the general availability for testing of the second RC (Release Candidate) of the upcoming major release of the Linux kernel, Linux 5.0.

According to Linus Torvalds, things are going in the right direction for Linux kernel 5.0 series, which should launch sometime at the end of February or early March 2019, and the second Release Candidate is here to add several perf tooling improvements, updated networking, SCSI, GPU, and block drivers, updated x86, ARM, RISC-V, and C-SKY architectures, as well as fixes to Btrfs and CIFS filesystems.

“So the merge window had somewhat unusual timing with the holidays, and I was afraid that would affect stragglers in rc2, but honestly, that doesn’t seem to have happened much. rc2 looks pretty normal. Were there some missing commits that missed the merge window? Yes. But no more than usual. Things look pretty normal,” said Linus Torvalds in a mailing list announcement.

Linux kernel 5.0 RC3 expected on January 17th

Of course, it’s a bit early to say that everything’s fairly normal for the Linux 5.0 kernel series as the development cycle was just kicked off a week ago, when Linus Torvalds announced the first Release Candidate, and it remains to be seen if it will be a normal cycle with seven RCs or a long one with eight RCs. Depending on that, Linux kernel 5.0 could arrive on February 24th or March 3rd.

Until then, we’re looking forward to the third Release Candidate of Linux kernel 5.0, which is expected to hit the streets at the end of the week on January 17th. Meanwhile, you can go ahead and give Linux 5.0 a try on your Linux-powered computer by downloading and compiling the second Release Candidate from kernel.org. Keep in mind though that this is a pre-release version, so don’t use it on production machines.

Source

January 21, 2019March 9, 2019

Nginx vs Apache: Which Serves You Best in 2019?

For two decades Apache held sway over the web server market which is shrinking by the day. Not only has Nginx caught up with the oldest kid on the block, but it is currently the toast of many high traffic websites. Apache users might disagree here. That is why one should not jump to conclusions about which web server is better. The truth is that both form the core of complete web stacks (LAMP and LEMP), and the final choice boils down to individual needs.

For instance, people running Drupal websites often call on Apache, whereas WordPress users seem to favor Nginx as much if not more. Accordingly, our goal is to help you understand your own requirements better rather than providing a one-size recommendation. Having said that, the following comparison between the two gives an accurate picture.

1. Popularity

Up until 2012 more than 65% of websites were based on Apache, a popularity due in no small measure to its historical legacy. It was among the first software that pioneered the growth of the World Wide Web. However, times have changed. According to W3Tech.com, as of January 14, 2019, Apache (44.4%) is just slightly ahead of Nginx (40.9%) in terms of websites using their servers. Between them they dominate nearly 85% of the web server market.

Web Servers Market Share W3techs.com

When it comes to websites with high traffic, the following graph is interesting. Of course, Nginx is quite ahead of Apache but trails behind Google Servers which powers websites like YouTube, Gmail and Drive.

Web Servers Market @ W3Techs 15-Jan-2019

At some point a large number of websites (including this site) migrated from Apache to Nginx. Clearly, the latter is seen as a the latest, and a trendier web server. High traffic websites that are on Apache, e.g. Wikipedia and New York Times, are often using a front-end HTTP proxy like Varnish.

Score: The popularity gap between Apache and Nginx is closing very fast. But, as Apache is still ahead in absolute numbers, we will consider this round a tie.

2. Speed

The main characteristic of a good web server is that it should run fast and easily respond to connections and traffic from anywhere. To measure the server speeds, we compared two popular travel websites based on Apache (Expedia.com) and Nginx (Booking.com). Using an online tool called Bitcatcha, the comparisons were made for multiple servers and measured against Google’s benchmark of 200 ms. Booking.com based on Nginx was rated “exceptionally quick.” In contrast, Expedia.com based on Apache was rated “above average and could be improved.”

Having used both travel websites so many times, I can personally vouch that Expedia feels slightly slower in returning results to my query than Booking does.

Web server response time Booking.com (Nginx) vs. Expedia.com (Apache)

Here are comparisons between the two servers for a few other websites. Nginx does feel faster in all cases below except one.

Website server speeds tested at Bitcatcha

Score: Nginx wins the speed round.

3. Security

Both Nginx and Apache take security very seriously on their websites. There is no dearth of robust systems to deal with DDoS attacks, malware and phishing. Both periodically release security reports and advisories which ensure that the security is strengthened at every level.

Score: We will consider this round a tie.

4. Concurrency

There is a perception that Apache somehow does not measure up to Nginx’s sheer scale and capability. After all, Nginx was originally designed to accelerate speed issues with FastCGI and SCGI handlers. However, from Apache 2.4 onwards (which is the default version), there has been a drastic improvement in the number of simultaneous connections. How far this improvement has been made is worth finding out.

Based on stress tests at Loadimpact.com, we again compared Booking.com (Nginx) with Expedia.com (Apache). For 25 virtual users, the Nginx website was able to record 200 requests per second, which is 2.5 times higher than Apache’s 80 requests per second. Clearly, if you have a dedicated high-traffic website, Nginx is a safer bet.

Scalability testing Apache versus Nginx at Loadimpact.com

Score: Nginx wins the concurrency round.

5. Flexibility

A web server should be flexible enough to allow customizations. Apache does it quite well using .htaccess tools, which Nginx does not support. It allows decentralization of administrator duties. Third party and second-level admins can be prevented from accessing the main server. Moreover, Apache supports more than 60 modules which makes it highly extensible. There is a reason Apache is more popular with shared hosting providers.

Flexible features of Apache: Modules plus htaccess example

Score: Apache wins this round.

Other Parameters

In the past Nginx did not support Windows OS very well, unlike Apache. That is no longer the case. Also, Apache was considered weak for load balancing and reverse proxy which has changed now.

Final Result

Nginx narrowly wins this contest 2-1. Having said this, an objective comparison between Nginx and Apache on technical parameters does not give the complete picture. In the end, our verdict is that both web servers are useful in their own ways.

While Apache should be used with a front-ending server (Nginx itself is one option), Nginx can be better with more customizations and flexibility.

Source

January 21, 2019March 9, 2019

The Start of the RHCA Journey

I’m starting my RHCA (Red Hat Certified Architect) journey!

It took me some time to get my mind set on this, and it was important to understand the reasons I’m willingt to do this in the first place.

Why Red Hat?

I do Linux system administration for a living. Although the world is moving towards DevOps, containers and automation, this doesn’t change the fact that Linux remains the go-to choice for the cloud, and regardless of the job title, one still does a lot of sysadmin work day in, day out.

I’ve been running Linux in production for the past 7 years (and even longer as my personal desktop OS), with the last 4 years being Red Hat based OS exclusively. Over time, I transitioned from running servers on Debian to Ubuntu and then to Red Hat/CentOS. As much as I like Debian, Red Hat has become my distribution of choice. As a result it just seemed natural to learn it in depth.

Why RHCA?

I’m a self-taught RHCE. I passed the exam a couple of years ago.

If you’re reading this, then you’re likely aware that Red Hat exams are hands-on. As a result, they have something of value. You get presented with complex problems, and more often than not you need to know where to find answers on a RHEL system.

This testing methodology is advantageous because it does not require you to simply memorise things, but to know where to find information. Of course, you need to memorise bits and pieces, but it’s muscle memory that’s the key to success.

Having said that, there are three things required to achieve RHCA: practice, practice, practice. You need to perform the tasks over and over to be an expert in using a product, be it Red Hat High Availability clustering, Satellite or OpenStack.

Why am I doing this? Motivation and Expectations

I’m a person who’s eager to learn new things. This includes looking for challenges that would help me grow both personally, and professionally.

As I said some time ago, RHCA is not a sprint, it’s a marathon. It’s also a massive undertaking and should not be taken lightly. This alone makes me want to pursue it. To become better in what I do.

To quote Arnold Schwarzenegger:

“Never, ever think small. If you’re going to accomplish anything, you have to think big. No matter what you do, work, work, work!”

I’m doing this for myself. It’s a project that I feel is worth investing time and resources. I’m not doing RHCA to get a new job, or to get a rise. There are much easier and less time consuming ways of achieving either of those things.

I expect this journey to be a lengthy process with lots of challenges that I’ll need to overcome, including exams, travel and life itself.

Chances are that things won’t always go my way even if I’m well prepared, therefore it’s important to be honest with myself and understand why I’m doing this in the first place.

Timescale

I don’t have a strict deadline, but my aim is to pass the exams by the end of the year. I started planning my RHCA studies back in 2018 so that I would have plenty of time in 2019.

The First Exam: EX436 High Availability Clustering

I use HA clustering at work, therefore the decision to take the EX436 was somewhat easy to make.

EX436 will be my first exam, and I’m already approaching the end of the study process. I use official documentation available on Red Hat’s website, and a lot of practicing.

My home lab for HA clustering is quite simple: a laptop with a quad-core CPU, 16GB of RAM and 128GB SSD, running KVM hypervisor and four RHEL 7.1 virtual machines. One VM is used to provide storage services, and the other three VMs are for clustering. In terms of networking, I use five network interfaces (2x corosync redundand rings, 2x iSCSI multipath, 1x for LAN). Corosync and iSCSI networks are non-routable.

Source

January 21, 2019March 9, 2019

How to Resize OpenStack Instance (Virtual Machine) from Command line

Being a Cloud administrator, resizing or changing resources of an instance or virtual machine is one of the most common tasks.

In Openstack environment, there are some scenarios where cloud user has spin a vm using some flavor( like m1.smalll) where root partition disk size is 20 GB, but at some point of time user wants to extends the root partition size to 40 GB. So resizing of vm’s root partition can be accomplished by using the resize option in nova command. During the resize, we need to specify the new flavor that will include disk size as 40 GB.

Note: Once you extend the instance resources like RAM, CPU and disk using resize option in openstack then you can’t reduce it.

In this tutorial I will demonstrate how to resize an openstack instance from command line. Let’s assume I have an existing instance named “test_resize_vm” and it’s associated flavor is “m1.small” and root partition disk size is 20 GB.

Execute the below command from controller node to check on which compute host our vm “test_resize_vm” is provisioned and its flavor details

:~# openstack server show test_resize_vm | grep -E "flavor|hypervisor"
| OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-57    |
| flavor                               | m1.small (2)  |
:~#

[root@test-resize-vm ~]# df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      xfs        20G  885M   20G   5% /
devtmpfs       devtmpfs  900M     0  900M   0% /dev
tmpfs          tmpfs     920M     0  920M   0% /dev/shm
tmpfs          tmpfs     920M  8.4M  912M   1% /run
tmpfs          tmpfs     920M     0  920M   0% /sys/fs/cgroup
tmpfs          tmpfs     184M     0  184M   0% /run/user/1000
[root@test-resize-vm ~]# echo "test file for resize operation" > demofile
[root@test-resize-vm ~]# cat demofile
test file for resize operation
[root@test-resize-vm ~]#

Get the available flavor list using below command,

:~# openstack flavor list
+--------------------------------------+-----------------+-------+------+-----------+-------+-----------+
| ID                                   | Name            |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------------+-------+------+-----------+-------+-----------+
| 2                                    | m1.small        |  2048 |   20 |         0 |     1 | True      |
| 3                                    | m1.medium       |  4096 |   40 |         0 |     2 | True      |
| 4                                    | m1.large        |  8192 |   80 |         0 |     4 | True      |
| 5                                    | m1.xlarge       | 16384 |  160 |         0 |     8 | True      |
+--------------------------------------+-----------------+-------+------+-----------+-------+-----------+

So we will be using the flavor “m1.medium” for resize operation, Run the beneath nova command to resize “test_resize_vm”,

Syntax: # nova resize {VM_Name} {flavor_id} —poll

:~# nova resize test_resize_vm 3 --poll
Server resizing... 100% complete
Finished
:~#

Now confirm the resize operation using “openstack server –confirm” command,

~# openstack server list | grep -i test_resize_vm
| 1d56f37f-94bd-4eef-9ff7-3dccb4682ce0 | test_resize_vm | VERIFY_RESIZE |private-net=10.20.10.51                                  |
:~#

As we can see in the above command output the current status of the vm is “verify_resize“, execute below command to confirm resize,

~# openstack server resize --confirm 1d56f37f-94bd-4eef-9ff7-3dccb4682ce0
~#

After the resize confirmation, status of VM will become active, now re-verify hypervisor and flavor details for the vm

:~# openstack server show test_resize_vm | grep -E "flavor|hypervisor"
| OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-58   |
| flavor                               | m1.medium (3)|

[root@test-resize-vm ~]# df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      xfs        40G  887M   40G   3% /
devtmpfs       devtmpfs  1.9G     0  1.9G   0% /dev
tmpfs          tmpfs     1.9G     0  1.9G   0% /dev/shm
tmpfs          tmpfs     1.9G  8.4M  1.9G   1% /run
tmpfs          tmpfs     1.9G     0  1.9G   0% /sys/fs/cgroup
tmpfs          tmpfs     380M     0  380M   0% /run/user/1000
[root@test-resize-vm ~]# cat demofile
test file for resize operation
[root@test-resize-vm ~]#

This confirm that VM root partition has been resized successfully.

Note: Due to some reason if resize operation was not successful and you want to revert the vm back to previous state, then run the following command,

# openstack server resize --revert {instance_uuid}

If have noticed “openstack server show” commands output, VM is migrated from compute-57 to compute-58 after resize. This is the default behavior of “nova resize” command ( i.e nova resize command will migrate the instance to another compute & then resize it based on the flavor details)

In case if you have only one compute node then nova resize will not work, but we can make it work by changing the below parameter in nova.conf file on compute node,

[root@devstack-linuxtechi ~]# grep -i resize /etc/nova/nova.conf
allow_resize_to_same_host = True
[root@devstack-linuxtechi ~]#

If “allow_resize_to_same_host” is set as False then change it to True and restart the nova compute service.

That’s all from this tutorial, in case it helps you technically then please do share your feedback and comments.

Source

January 21, 2019March 9, 2019

How Do You Fedora: Journey into 2019

Fedora had an amazing 2018. The distribution saw many improvements with the introduction of Fedora 28 and Fedora 29. Fedora 28 included third party repositories, making it easy to get software like the Steam client, Google Chrome and Nvidia’s proprietary drivers. Fedora 29 brought support for automatic updates for Flatpack.

One of the four foundations of Fedora is Friends. Here at the Magazine we’re looking back at 2018, and ahead to 2019, from the perspective of several members of the Fedora community. This article focuses on what each of them did last year, and what they’re looking forward to this year.

Fedora in 2018

Radka Janekova attended five events in 2018. She went to FOSDEM as a Fedora Ambassador, gave two presentations at devconf.cz and three presentation on dotnet in Fedora. Janekova starting using DaVinci Resolve in 2018: “DaVinci Resolve which is very Linux friendly video editor.” She did note one drawback, saying, “It may not be entirely open source though!”

Julita Inca has been to many places in the world in 2018. “I took part of the Fedora 29 Release Party in Poland where I shared my experiences of being an Ambassador of Fedora these years in Peru.” She is currently located in the University of Edinburgh. “I am focusing in getting a Master in High Performance Computing in the University of Edinburgh using ARCHER that has CentOS as Operating System.” As part of her masters degree she is using a lot of new software. “I am learning new software for parallel programming I learned openMP and MPI.” To profile code in C and Fortran she is using Intel’s Vtune

Jose Bonilla went to a DevOps event hosted by a company called Rancher. Rancher is an open source company that provides a container orchestration framework which can be hosted in a variety of ways, including in the cloud or self-hosted. “I went to this event because I wished to gain more insight into how I can use Fedora containerization in my organization and to teach students how to manage applications and services.” This event showed that the power of open source is less focus on competition and more on completion. “There were several open source projects at this event working completely in tandem without ever having this as a goal. The companies at this event were Google, Rancher, Gitlab and Aqua.” Jose used a variety of open source applications in 2018. “I used Cockpit, Portainer and Rancher OS. Portainer and Rancher are both services that manage dockers containers. Which only proves the utility of containers. I believe this to be the future of compute environments.” He is also working on tools for data analytics. “I am improving on my knowledge of Elasticsearch and the Elastic Stack — Kibana, which is an extraordinarily powerful open source set of tools for data analytics.”

Carlos Enrique Castro León has not been to a Fedora event in Peru, but listens to Red Hat Command Line Hero. “I really like to listen to him since I can meet people related to free code.” Last year he started using Kdenlive and Inkscape. “I like them because there is a large community in Spanish that can help me.”

Akinsola Akinwale started using VSCode, Calligra and Qt5 Designer in 2018. He uses VScode for Python development. For editing documents and spreadsheets he uses Calligra. “I love Vscode for its embedded VIM , terminal & easy of use.” He started using Calligra just for a change of pace. He likes the flexibility of Qt5 designed for creating graphical user interfaces instead of coding it all in Vscode.

Kevin Fenzi went to several Fedora events in 2018. He enjoyed all of them, but liked Flock in Dresden the best of them all. “At Flock in Dresden I got a chance to talk face to face with many other Fedora contributors that I only talk to via IRC or email the rest of the time. The organizers did an awesome job, the venue was great and it was all around just a great time. There were some talks that made me think, and others that made me excited to see what would happen with them in the coming year. Also, the chance to have high bandwith talks really helped move some ideas along to reality.” There were two applications Kevin started using in 2018. “First, after many years of use, I realized it was time to move on from using rdiff-backups for my backups. It’s a great tool, but it’s in python2 and very inactive upstream. After looking around I settled on borg backup and have been happily using that since. It has a few rough edges (it needs lots of cache files to do really fast backups, etc) but it has a very active community and seems to work pretty nicely.” The other application that Kevin started using in OpenShift. “Secondly, 2018 was the year I really dug into OpenShift. I understand now much more about how it works and how things are connected and how to manage and upgrade it. In 2019 we hope to move a bunch of things over to our OpenShift cluster. The OpenShift team is really doing a great job of making something that deploys and upgrades easily and are adding great features all the time (most recently the admin console, which is great to watch what your cluster is doing!).”

Fedora in 2019

Radka plans to do similar presentations in 2019. “At FOSDEM this time I’ll be presenting a story of an open source project eating servers with C#.” Janekova targets pre-university students in an effort to encourage young women to get involved in technology. “I really want to help dotnet and C# grow in the open source world, and I also want to educate the next generation a little bit better in terms of what women can or can not do.”

Julita plans on holding two events in 2019. “I can promote the use of Fedora and GNOME in Edinburgh University.” When she returns to Peru she plans on holding a conference on writing parallel code on Fedora and Gnome.

Jose plans on continuing to push open source initiatives such as cloud and container infrastructures. He will also continue teaching advanced Unix systems administration. “I am now helping a new generation of Red Hat Certified Professionals seek their place in the world of open source. It is indeed a joy when a student mentions they have obtained their certification because of what they were exposed to in my class.” He also plans on spending some more time with his art again.

Carlos would like to write for Fedora Magazine and help bring the magazine to the Latin American community. “I would like to contribute to Fedora Magazine. If possible I would like to help with the magazine in Spanish.”

Akinsola wants to hold a Fedora a release part in 2019. “I want make many people aware of Fedora, make them aware they can be part of the release and it is easy to do.” He would also like to ensure that new Fedora users have an easy time of adapting to their new OS.

Kevin is planning is excited about 2019 being a time of great change for Fedora. “In 2019 I am looking forward to seeing what and how we retool things to allow for lifecycle changes and more self service deliverables. I think it’s going to be a ton of work, but I am hopeful we will come out of it with a much better structure to carry us forward to the next period of Fedora success.” Kevin also had some words of appreciation for everyone in the Fedora community. “I’d like to thank everyone in the Fedora community for all their hard work on Fedora, it wouldn’t exist without the vibrant community we have.”

Source

January 21, 2019March 9, 2019

Get started with CryptPad, an open source collaborative document editor

Securely share your notes, documents, kanban boards, and more with CryptPad, the fifth in our series on open source tools that will make you more productive in 2019.

web development and design, desktop and browser

CryptPad

We already talked about Joplin, which is good for keeping your own notes but—as you may have noticed—doesn’t have any sharing or collaboration features.

CryptPad is a secure, shareable note-taking app and document editor that allows for secure, collaborative editing. Unlike Joplin, it is a NodeJS app, which means you can run it on your desktop or a server elsewhere and access it with any modern web browser. Out of the box, it supports rich text, Markdown, polls, whiteboards, kanban, and presentations.

The different document types are robust and fully featured. The rich text editor covers all the bases you’d expect from a good editor and allows you to export files to HTML. The Markdown editor is on par with Joplin, and the kanban board, though not as full-featured as Wekan, is really well done. The rest of the supported document types and editors are also very polished and have the features you’d expect from similar apps, although polls feel a little clunky.

CryptPad’s real power, though, comes in its sharing and collaboration features. Sharing a document is as simple as getting the sharable URL from the “share” option, and CryptPad supports embedding documents in iFrame tags on other websites. Documents can be shared in Edit or View mode with a password and with links that expire. The built-in chat allows editors to talk to each other (note that people with View access can also see the chat but can’t comment).

All files are stored encrypted with the user’s password. Server administrators can’t read the documents, which also means if you forget or lose your password, the files are unrecoverable. So make sure you keep the password in a secure place, like a password vault.

When it’s run locally, CryptPad is a robust app for creating and editing documents. When run on a server, it becomes an excellent collaboration platform for multi-user document creation and editing. Installation took less than five minutes on my laptop, and it just worked out of the box. The developers also include instructions for running CryptPad in Docker, and there is a community-maintained Ansible role for ease of deployment. CryptPad does not support any third-party authentication methods, so users must create their own accounts. CryptPad also has a community-supported hosted version if you don’t want to run your own server.

Source

January 21, 2019March 9, 2019

Download Bitnami MyBB Module Linux 1.8.19-2

A graphical installer that allows you to install MyBB on top of a Bitnami LAMP Stack

Bitnami MyBB Module is a free and multiplatform software project that provides users with a graphical installer that allows users to install the MyBB web-based application on top of an existing Bitnami LAMP (Linux, Apache, MySQL and PHP) Stack, without having to deal with MyBB’s runtime dependencies.

What is MyBB?

MyBB is a free, platform-independent, and open source web-based software that has been created from the offset to act as a discussion board, also known as forum. The application is written in the PHP server-side programming language provides users with a professional look and a set of features borrowed from similar products.

Installing Bitnami MyBB Module

To install the MyBB software on top of your Bitnami LAMP Stack installation, you will have to download the pre-built binary package that corresponds to your computer’s CPU architecture (32-bit/64-bit), saving the .run file on your Home or Desktop folder.

Make the .run package executable (right click on it, go to Properties, access the Permissions tab, and check the “Allow executing file as program” option), double click the file, and follow the instruction displayed on the screen.

Virtualize MyBB or run in the cloud

In addition to installing MyBB on your personal computer, you can also virtualize it using Bitnami’s virtual appliance based on the latest LTS (Long Term Support) release of the Ubuntu Linux computer operating system, on top of Oracle VirtualBox and VMware ESX/ESXi virtualization software.

MyBB can also run in the cloud, thanks to Bitnami’s pre-built cloud images that have been designed especially to support the Amazon EC2, Google Cloud, and Windows Azure cloud hosting platforms.

The Bitnami MyBB Stack and Docker container

Besides the Bitnami MyBB Module product reviewed here, you can also download the Bitnami MyBB Stack installer from Softpedia, which has been created from the ground up to allow you to install MyBB and its runtime dependencies on personal computers. A MyBB Docker container will also be available for download on the project’s website.

DOWNLOAD Bitnami MyBB Module 1.8.19-3

Source

January 20, 2019March 9, 2019

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.

Browser extensions

Malicious websites can exploit browser extension APIs to execute code inside the browser and steal sensitive information such as bookmarks, browsing history, and even user cookies.

The latter, an attacker can use to hijack a user’s active login sessions and access sensitive accounts, such as email inboxes, social media profiles, or work-related accounts.

Furthermore, the same extension APIs can also be abused to trigger the download of malicious files and store them on the user device, and store and retrieve data in an extension’s permanent storage, data that can later be used to track users across the web.

These types of attacks are not theoretical but have been proven in an academic paper published this month by Dolière Francis Somé, a researcher with the Université Côte d’Azur and with INRIA, a French researcher institute.

Somé created a tool and tested over 78,000 Chrome, Firefox, and Opera extensions. Through his efforts, he was able to identify 197 extensions that exposed internal extension API communication interfaces to web applications, allowing malicious websites a direct avenue to the data stored inside a user’s browser, data that under normal circumstances only the extension’s own code could have reached (when the proper permissions were obtained).

Results of browser extension attacks — Image: Somé

The French researcher says he was surprised by the results, as only 15 (7.61%) of the 197 extensions were developer tools, a category of extensions that usually have full control of what happens in a browser, and would have been the ones that he expected were easier to exploit.

Around 55 percent of all the vulnerable extensions had fewer than 1,000 installs, but over 15 percent had over 10,000.

Results, extensions organized by category — Image: Somé

Somé said he notified the browser vendors about his findings before going public with his work in early January.

“All vendors acknowledged the issues,” Somé said. “Firefox has removed all the reported extensions. Opera has also removed all the extensions but 2 which can be exploited to trigger downloads.”

“Chrome also acknowledged the problem in the reported extensions. We are still discussing with them on potential actions to take: either remove or fix the extensions,” he said.

The researcher also created a tool that lets users test if their extensions also contain vulnerable APIs that can be exploited by malicious websites. The tool is web-based and hosted on this page. To use it, users would have to copy-paste the content of an extension’s manifest.json file.

A page listing various demo videos is available here. More details about Somé’s work are available in a research paper entitled “EmPoWeb: Empowering Web Applications with Browser Extensions,” available for download in a PDF format from here or here.

It would be highly impractical to list all the vulnerable extensions in this article. Readers can find the list of vulnerable extensions in tables at the end of the above-linked research papers.

Source

January 20, 2019March 9, 2019

Inkscape 1.0 Open-Source Vector Graphics Editor Is Finally Coming After 15 Years

An Alpha version is now available for public testing

After being in development for the last 15 years, the Inkscape open-source and free vector graphics editor is finally reaching the 1.0 milestone, proving its maturity with new and exciting features and improvements.

Inkscape is quality SVG editor that runs on Linux, Mac, and Windows systems and can be used to create or edit vector graphics like logos, diagrams, illustrations, charts, and anything else in between. InkScape 1.0 is a major release that all fans of the open source software have expected for so long, and it finally brings long-anticipated features and improvements.

Highlights of Inkscape 1.0 include an updated user interface that offers better support for 4K/HiDPI screens and theming support, the ability to rotate and mirror canvases, new options for exporting to the PNG image format, variable fonts (requires pango 1.41.1 or higher), as well as much faster path operations and deselection of a large amounts of paths.

“The user interface has been changed to using a more recent version of GTK+, the widget toolkit that Inkscape uses to draw the user interface on the screen. This new version brings a lot of improvements, especially for users of HiDPI screens. Updating Inkscape for using it has been a large effort that has been anticipated eagerly for a long time, and was a focus of the Boston Hackfest,” said the devs.

First alpha version of Inkscape 1.0 is out now

Among other changes coming to the Inkscape 1.0 release, which should be available later this year, we can mention the ability to control the width of the PowerStroke tool with pressure sensitive touch gestures on graphics tablets, support for fillet/chamfer LPE and lossless boolean operation LPE, and optional placement of Origin in the top left corner of the window.

A first alpha pre-release version of Inkscape 1.0 is now available for download as an AppImage for Linux-based operating systems. A source package is available as well if you want to compile the software on Mac or Windows OSes. More details about the changes coming to Inkscape 1.0 will be revealed in time, but you can check the draft release notes here.

Meanwhile, if you’re using Inkscape, you should know that version 0.92.4 was also released today as a maintenance update that adds support for aligning multiple objects as a group relative to a single object, printing improvemnts, support for writing image data to standard output and read from it, better performance of the measure tool when working with visible grids, and other bug fixes.

Source

January 20, 2019March 9, 2019

Linux Today – Easily Set CPU Governor (Performance

Easily Set CPU Governor (Performance / Powersave) And Monitor CPU Frequency In Gnome Shell With CPUFREQ Extension

CPUFREQ Power Manager (or just CPUFREQ) is a Gnome Shell extension that makes it easy change the CPU governor (powersave / performance) and monitor the CPU frequency.

The extension can also set the minimum and maximum CPU frequency, enable or disable turbo boost, and display some system status messages which can inform the user when CPU throttling is occurring, or when there are some CPU load issues.

Another nice feature is custom profiles. This allows the creation of custom power profiles to quickly switch between various application settings.

From the CPUFREQ Power Manager settings you can set it to remember the settings, automatically restoring them on the next start (with this set to off being the default), or change what the panel label/icon monitors – the CPU frequency (showing the current CPU frequency value), the CPU governor (showing an icon representing the in-use governor), or both.

The extension works with both the CPU frequency driver (CPUFreq), as well as the Intel P-State driver.

CPUFreq supports multiple governors (performance, powersave, ondemand, conservative, schedutil and userspace), while the intel_pstate driver only supports the performance and powersave guvernors, but they both provide dynamic scaling. According to Phoronix, the intel_pstate performance governor should give better power saving than the old ondemand governor.

Since intel_pstate is used automatically for Intel Sandy Bridge and newer CPUs, it’s best to use this. But CPUFREQ Power Manager does support the old CPUFreq driver, which can be used by disabling Intel Pstate as explained on the extension FAQ, and by installing (see the dependencies section from the linked page) an optional package.

CPUFREQ Power Manager is only available as a Gnome Shell extension right now, but the plan is to create a dedicated Gtk+ 3 application that supports multiple desktop environments. Unfortunately that’s not a lot of information about this.

To understand what each item in the CPUFREQ Power Manager extension user interface does, I recommend visiting its frontend overview page. The extension FAQ page also has some important information.

Install CPUFREQ extension

To install the extension simply switch the slider from the extension page to ON. To be able to install extensions from extensions.gnome.org you’ll need a browser add-on and install a package on your system. See this page for instructions.

You can also install the extension using the Software application on some systems, by searching for and installing cpufreq, as seen in the screenshot above.

Source