Linux Blimp

Nov 12, 2018

This guide will present a step-by-step guide of how to install and configure Vundle (Vim Bundle) from GitHub, and what issues you may face when installing Vundle. As many of you may know, vim is a console-based text editor that has numerous advanced features. One such feature is that its functionality can be extended and customized using plugins written by other people. Managing these plugins, however, can be rather tedious. Vundle attempts to assist users in managing these plugins for you by providing an interface.

Complete Story

Related Stories:

• Personalizing Vim(May 26, 2010)
• Vim 201: An Intermediate Guide to Vim(Nov 27, 2009)
• Vim 101: A Beginner’s Guide to Vim(Nov 21, 2009)
• VIM cheat sheet(Sep 13, 2011)
• Vim / Vi Tutorial(Dec 05, 2008)

Source

One I completely forgot to post about here, NVIDIA recently released the 415.13 beta driver for Linux.

Released on the 8th of November, it includes a number of interesting fixes, including an issue fixed with WINE where it might crash on recent distribution releases. Nice to see WINE get some focus, since things like this can affect Valve’s Steam Play.

They also fixed an OpenGL issue where conditional rendering was incorrectly affecting mipmap generation. Another OpenGL bug was fixed which caused the upper bounds of floating-point viewports, specified through the ARB_viewport_array extension, to be clipped incorrectly.

There’s also a new X configuration option “HardDPMS” which they disabled by default. This will enable you to put your display to sleep with modesets rather than VESA DPMS (VESA Display Power Management Signaling), possibly fixing some displays that won’t sleep when DPMS is active. NVIDIA say they will eventually enable it by default.

On top of that plus more fixes, they added the current synchronization state for PRIME Displays to nvidia-settings. This latest beta driver also ups the minimum Linux Kernel version to 2.6.9 to 2.6.32, along with a required X.Org xserver version bump to 1.5.

See the full changelog here.

Source

LF Deep Learning Foundation today announced the first publicly available release of Acumos AI, an open source framework and platform for the training and deployment of AI models.

Created in March, the LF Deep Learning Foundation is part of the Linux Foundation project and supports open source projects for machine learning, deep learning, and AI.

Founding members include Tencent, Baidu, Huawei, ZTE, AT&T, and Nokia.

Acumos AI, whose release version is codenamed Athena, also began in March and includes the participation of about 75 developers, a foundation spokesperson told VentureBeat in an email. An updated version is due out in mid-2019, according to a statement provided to VentureBeat.

The first Acumos AI public release can deliver one-click deployment of AI models with Docker or Kubernetes containers, data translation tools, and a graphical user interface for linking multiple AI models together.

Acumos works with AI models created with tools like TensorFlow and scikit-learn, as well as H20.ai.

Other active LF Deep Learning Foundation projects include machine learning platform Angel and Elastic Deep Learning, a project to help cloud service providers make cloud cluster services with frameworks like TensorFlow and PaddlePaddle.

The two projects were added in August by Tencent and Baidu, respectively, a foundation spokesperson told VentureBeat in an email.

The Acumos AI community will also be able to utilize the AI Marketplace for sharing and downloading models. To seed the marketplace, a $100,000 competition was held earlier this year, with top winners making models that do things like predict the price of a home or determine whether a strain of breast cancer is benign or malignant.

Acumos is the latest tool for quick AI deployment to make its debut in recent weeks. There’s also Horizon, a reinforcement learning platform created by Facebook engineers and researchers, as well as Kubeflow Pipelines from Google Cloud Platform, which also relies on containers for deploying AI.

Source

4MLinux is an open source and independent distribution of Linux built from scratch and designed to be used as a system rescue Live CD, for watching videos and listening to music, for deploying servers using the inetd daemon, as well as for playing Linux games.

It has been designed from the ground up to be used directly from a CD disc or USB flash drive. However, users can install the distribution to a local disk drive using the built-in installer from the live session.

Distributed as a dual-arch Live CD

This is the main and first edition of the 4MLinux (four M – Maintenance, Multimedia, Miniserver and Mystery). It’s distributed as a single Live CD ISO image of approximately 50MB in size. Supported architectures includes 32-bit (i386) and 64-bit (amd64).

Boot options

Two boot modes are available, with default display settings or using the VESA framebuffer. We recommend using only the first one, but if your graphics card is not supported, then you really need to use the second option.

Unfortunately, the Live CD does not boot directly into the graphical environment, as it will first ask users to set up a password for the root (system administrator) account, which will be used to log into the live session.

From the shell prompt, you will need to type the “startx” command in order to enter the graphical desktop, which is comprised of a taskbar located on the bottom edge of the screen, a dock (application launcher) on the upper side of the screen, and a system monitoring widget on the desktop.

Default applications

Default applications include the QupZilla web browser, PathFinder file browser, SMPlayer and MPlayer video players, SMTube YouTube browser, XPaint digital painting software, Clam AntiVirus virus scanner, GParted disk partitioning tool, as well as a handful of board games.

Another interesting feature is the ability to install the LibreOffice office suite, Oracle Virtualbox virtualization software, and the Java Runtime Environment (JRE).

Source

This howto will show you how to store your users in LDAP and authenticate some of the services against it. I will not show how to install particular packages, as it is distribution/system dependent. I will focus on “pure” configuration of all components needed to have LDAP authentication/storage of users. The howto assumes somehow, that you are migrating from a regular passwd/shadow authentication, but it is also suitable for people who do it from scratch.

The thing we want to achieve is to have our users stored in LDAP, authenticated against LDAP ( direct or pam ) and have some tool to manage this in a human understandable way. This way we can use all software, which has LDAP support or fallback to PAM LDAP module, which will act as a PAM->LDAP gateway.

Configuring OpenLDAP

OpenLDAP consists of slapd and slurpd daemon. This howto covers one LDAP server without a replication, so we will focus only on slapd. I also assume you installed and initialized your OpenLDAP installation (depends on system/distribution). If so, let’s go to the configuration part.

Read more at HowToForge

Source

With GCC 9 embarking upon its third stage of development where the focus ships to working on bug/regression fixes in preparation for releasing the GCC 9.1 stable compiler likely around the end of Q1’2019, here is a fresh look at the GCC 9 performance with its latest development code as of this week compared to GCC 8.2.0 stable while using an Intel Core i9 7980XE test system running Ubuntu Linux. For good measure are also fresh results from LLVM Clang 7.0 stable as well as LLVM Clang 8.0 SVN for the latest development state of that competing C/C++ open-source compiler.

As GCC 9 feature development is ending (aside from any new ports that may still be permitted during GCC Stage 3 development), it’s a good time to check in on how this annual update to the GNU Compiler Collection is looking on the performance front. Both GCC 8.2 and GCC 9.0.0 20181112 were configured and built in the same manner from the Intel SKylake-X test system running Ubuntu 18.10 x86_64 with the Linux 4.18 kernel.

Clang 7.0 and Clang 8.0 SVN were also tested for reference on how that more liberally licensed compiler stack is performing. The CFLAGS/CXXFLAGS were set to “-O3 -march=native” and maintained the same flags throughout the building and benchmarking of all four compiler stacks.

These compiler benchmarks were carried out via the Phoronix Test Suite. As the GCC 9.1 stable release nears (along with Clang 8.0), there will be more compiler benchmarks on a diverse range of hardware for seeing how the performance pans out while this is just a preliminary look given the shift to the next stage of GCC development.

Source

Container Linux by CoreOS is an open source software project that provides system administrators and experienced users with a modern and minimal operating system designed for massive server deployments. It is not based on any existing distribution of Linux and features the latest Linux kernel and Docker technologies for enabling warehouse-scale computing with minimum effort as possible.

Great availability, amazing technologies

The product is distributed as a standard ISO image, which can be burned onto a CD disc or written on a USB flash drive in order to boot it from the BIOS of a PC and install the operating system (detailed installation instructions are provided on the project’s homepage).

In addition to the ISO image, which is supported on both 64-bit and 32-bit instruction set architectures, the project can also be booted over network and installed on a local disk via the PXE (Preboot Execution Environment) and iPXE implementations and boot loaders.

Furthermore, it is supported by various cloud providers, including Amazon EC2, GCE, Brightbox and Rackspace, or deployable as a virtual machine on the QEMU, VMware, OpenStack, Eucalyptus and Vagrant virtualization technologies.

Because of its modern internal design, CoreOS uses with up to 50% less RAM (system memory) than any other existing server operating system. In addition, it makes use of the award winning Docker software project to run applications as containers.

Another interesting feature is the active/passive dual-partition scheme, which will make system updates painless and fast, while providing a rollback functionality. Also, it is designed from the ground up to be clustered, even if it runs on a single machine.

Bottom line

Summing up, CoreOS is a great Linux-based operating system for massive server deployments, which can be used by top-notch Internet companies like Twitter, Facebook or Google to run their services at scale with high flexibility.

Source

Source

System administration is a very reactive role, with sysadmins constantly monitoring networks for issues. Systems engineers, on the other hand, can build a system that anticipates users’ needs (and potential problems). In certain cases, they must integrate existing technology stacks (e.g., following the merger of two companies), and prototype different aspects of the network before it goes “live.”

In other words, it’s a complex job, with a salary to match. …If you want a truly impressive salary, though, consider specializing in Linux systems—that will translate into a $20,000 pay bump.

Source

Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s probably some way that iptables can be a great use to you. Read on as we show you how to configure the most versatile Linux firewall.

About iptables

iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a rule in its list to match it to. If it doesn’t find one, it resorts to the default action.

iptables almost always comes pre-installed on any Linux distribution. To update/install it, just retrieve the iptables package:

sudo apt-get install iptables

There are GUI alternatives to iptables like Firestarter, but iptables isn’t really that hard once you have a few commands down. You want to be extremely careful when configuring iptables rules, particularly if you’re SSH’d into a server, because one wrong command can permanently lock you out until it’s manually fixed at the physical machine.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Types of Chains

iptables uses three different chains: input, forward, and output.

Input – This chain is used to control the behavior for incoming connections. For example, if a user attempts to SSH into your PC/server, iptables will attempt to match the IP address and port to a rule in the input chain.

Forward – This chain is used for incoming connections that aren’t actually being delivered locally. Think of a router – data is always being sent to it but rarely actually destined for the router itself; the data is just forwarded to its target. Unless you’re doing some kind of routing, NATing, or something else on your system that requires forwarding, you won’t even use this chain.

There’s one sure-fire way to check whether or not your system uses/needs the forward chain.

iptables -L -v

The screenshot above is of a server that’s been running for a few weeks and has no restrictions on incoming or outgoing connections. As you can see, the input chain has processed 11GB of packets and the output chain has processed 17GB. The forward chain, on the other hand, has not needed to process a single packet. This is because the server isn’t doing any kind of forwarding or being used as a pass-through device.

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!

Output – This chain is used for outgoing connections. For example, if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.

The caveat

Even though pinging an external host seems like something that would only need to traverse the output chain, keep in mind that to return the data, the input chain will be used as well. When using iptables to lock down your system, remember that a lot of protocols will require two-way communication, so both the input and output chains will need to be configured properly. SSH is a common protocol that people forget to allow on both chains.

Policy Chain Default Behavior

Before going in and configuring specific rules, you’ll want to decide what you want the default behavior of the three chains to be. In other words, what do you want iptables to do if the connection doesn’t match any existing rules?

To see what your policy chains are currently configured to do with unmatched traffic, run the iptables -L command.

As you can see, we also used the grep command to give us cleaner output. In that screenshot, our chains are currently figured to accept traffic.

More times than not, you’ll want your system to accept connections by default. Unless you’ve changed the policy chain rules previously, this setting should already be configured. Either way, here’s the command to accept connections by default:

iptables –policy INPUT ACCEPT

iptables –policy OUTPUT ACCEPTiptables –policy FORWARD ACCEPT

By defaulting to the accept rule, you can then use iptables to deny specific IP addresses or port numbers, while continuing to accept all other connections. We’ll get to those commands in a minute.

If you would rather deny all connections and manually specify which ones you want to allow to connect, you should change the default policy of your chains to drop. Doing this would probably only be useful for servers that contain sensitive information and only ever have the same IP addresses connect to them.

iptables –policy INPUT DROP

iptables –policy OUTPUT DROPiptables –policy FORWARD DROP

Connection-specific Responses

With your default chain policies configured, you can start adding rules to iptables so it knows what to do when it encounters a connection from or to a particular IP address or port. In this guide, we’re going to go over the three most basic and commonly used “responses”.

Accept – Allow the connection.

Drop – Drop the connection, act like it never happened. This is best if you don’t want the source to realize your system exists.

Reject – Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.

The best way to show the difference between these three rules is to show what it looks like when a PC tries to ping a Linux machine with iptables configured for each one of these settings.

Hyperledger Fabric Fundamentals (LFD271) $299

Allowing the connection:

Dropping the connection:

Rejecting the connection:

Allowing or Blocking Specific Connections

With your policy chains configured, you can now configure iptables to allow or block specific addresses, address ranges, and ports. In these examples, we’ll set the connections to DROP, but you can switch them to ACCEPT or REJECT, depending on your needs and how you configured your policy chains.

Note: In these examples, we’re going to use iptables -A to append rules to the existing chain. iptables starts at the top of its list and goes through each rule until it finds one that it matches. If you need to insert a rule above another, you can use iptables -I [chain] [number] to specify the number it should be in the list.

Connections from a single IP address

This example shows how to block all connections from the IP address 10.10.10.10.

iptables -A INPUT -s 10.10.10.10 -j DROP

Connections from a range of IP addresses

This example shows how to block all of the IP addresses in the 10.10.10.0/24 network range. You can use a netmask or standard slash notation to specify the range of IP addresses.

iptables -A INPUT -s 10.10.10.0/24 -j DROP

or

iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP

Connections to a specific port

This example shows how to block SSH connections from 10.10.10.10.

iptables -A INPUT -p tcp –dport ssh -s 10.10.10.10 -j DROP

You can replace “ssh” with any protocol or port number. The -p tcp part of the code tells iptables what kind of connection the protocol uses. If you were blocking a protocol that uses UDP rather than TCP, then -p udp would be necessary instead.

This example shows how to block SSH connections from any IP address.

iptables -A INPUT -p tcp –dport ssh -j DROP

Connection States

As we mentioned earlier, a lot of protocols are going to require two-way communication. For example, if you want to allow SSH connections to your system, the input and output chains are going to need a rule added to them. But, what if you only want SSH coming into your system to be allowed? Won’t adding a rule to the output chain also allow outgoing SSH attempts?

That’s where connection states come in, which give you the capability you’d need to allow two way communication but only allow one way connections to be established. Take a look at this example, where SSH connections FROM 10.10.10.10 are permitted, but SSH connections TO 10.10.10.10 are not. However, the system is permitted to send back information over SSH as long as the session has already been established, which makes SSH communication possible between these two hosts.

iptables -A INPUT -p tcp –dport ssh -s 10.10.10.10 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp –sport 22 -d 10.10.10.10 -m state –state ESTABLISHED -j ACCEPT

Saving Changes

The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes. This command can differ depending on your distribution:

Ubuntu:

sudo /sbin/iptables-save

Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save

Other Commands

List the currently configured iptables rules:

iptables -L

Adding the -v option will give you packet and byte information, and adding -n will list everything numerically. In other words – hostnames, protocols, and networks are listed as numbers.

To clear all the currently configured rules, you can issue the flush command.

iptables -F

Source