Linux Blimp

One I completely forgot to post about here, NVIDIA recently released the 415.13 beta driver for Linux.

Released on the 8th of November, it includes a number of interesting fixes, including an issue fixed with WINE where it might crash on recent distribution releases. Nice to see WINE get some focus, since things like this can affect Valve’s Steam Play.

They also fixed an OpenGL issue where conditional rendering was incorrectly affecting mipmap generation. Another OpenGL bug was fixed which caused the upper bounds of floating-point viewports, specified through the ARB_viewport_array extension, to be clipped incorrectly.

There’s also a new X configuration option “HardDPMS” which they disabled by default. This will enable you to put your display to sleep with modesets rather than VESA DPMS (VESA Display Power Management Signaling), possibly fixing some displays that won’t sleep when DPMS is active. NVIDIA say they will eventually enable it by default.

On top of that plus more fixes, they added the current synchronization state for PRIME Displays to nvidia-settings. This latest beta driver also ups the minimum Linux Kernel version to 2.6.9 to 2.6.32, along with a required X.Org xserver version bump to 1.5.

See the full changelog here.

Source

LF Deep Learning Foundation today announced the first publicly available release of Acumos AI, an open source framework and platform for the training and deployment of AI models.

Created in March, the LF Deep Learning Foundation is part of the Linux Foundation project and supports open source projects for machine learning, deep learning, and AI.

Founding members include Tencent, Baidu, Huawei, ZTE, AT&T, and Nokia.

Acumos AI, whose release version is codenamed Athena, also began in March and includes the participation of about 75 developers, a foundation spokesperson told VentureBeat in an email. An updated version is due out in mid-2019, according to a statement provided to VentureBeat.

The first Acumos AI public release can deliver one-click deployment of AI models with Docker or Kubernetes containers, data translation tools, and a graphical user interface for linking multiple AI models together.

Acumos works with AI models created with tools like TensorFlow and scikit-learn, as well as H20.ai.

Other active LF Deep Learning Foundation projects include machine learning platform Angel and Elastic Deep Learning, a project to help cloud service providers make cloud cluster services with frameworks like TensorFlow and PaddlePaddle.

The two projects were added in August by Tencent and Baidu, respectively, a foundation spokesperson told VentureBeat in an email.

The Acumos AI community will also be able to utilize the AI Marketplace for sharing and downloading models. To seed the marketplace, a $100,000 competition was held earlier this year, with top winners making models that do things like predict the price of a home or determine whether a strain of breast cancer is benign or malignant.

Acumos is the latest tool for quick AI deployment to make its debut in recent weeks. There’s also Horizon, a reinforcement learning platform created by Facebook engineers and researchers, as well as Kubeflow Pipelines from Google Cloud Platform, which also relies on containers for deploying AI.

Source

4MLinux is an open source and independent distribution of Linux built from scratch and designed to be used as a system rescue Live CD, for watching videos and listening to music, for deploying servers using the inetd daemon, as well as for playing Linux games.

It has been designed from the ground up to be used directly from a CD disc or USB flash drive. However, users can install the distribution to a local disk drive using the built-in installer from the live session.

Distributed as a dual-arch Live CD

This is the main and first edition of the 4MLinux (four M – Maintenance, Multimedia, Miniserver and Mystery). It’s distributed as a single Live CD ISO image of approximately 50MB in size. Supported architectures includes 32-bit (i386) and 64-bit (amd64).

Boot options

Two boot modes are available, with default display settings or using the VESA framebuffer. We recommend using only the first one, but if your graphics card is not supported, then you really need to use the second option.

Unfortunately, the Live CD does not boot directly into the graphical environment, as it will first ask users to set up a password for the root (system administrator) account, which will be used to log into the live session.

From the shell prompt, you will need to type the “startx” command in order to enter the graphical desktop, which is comprised of a taskbar located on the bottom edge of the screen, a dock (application launcher) on the upper side of the screen, and a system monitoring widget on the desktop.

Default applications

Default applications include the QupZilla web browser, PathFinder file browser, SMPlayer and MPlayer video players, SMTube YouTube browser, XPaint digital painting software, Clam AntiVirus virus scanner, GParted disk partitioning tool, as well as a handful of board games.

Another interesting feature is the ability to install the LibreOffice office suite, Oracle Virtualbox virtualization software, and the Java Runtime Environment (JRE).

Source

This howto will show you how to store your users in LDAP and authenticate some of the services against it. I will not show how to install particular packages, as it is distribution/system dependent. I will focus on “pure” configuration of all components needed to have LDAP authentication/storage of users. The howto assumes somehow, that you are migrating from a regular passwd/shadow authentication, but it is also suitable for people who do it from scratch.

The thing we want to achieve is to have our users stored in LDAP, authenticated against LDAP ( direct or pam ) and have some tool to manage this in a human understandable way. This way we can use all software, which has LDAP support or fallback to PAM LDAP module, which will act as a PAM->LDAP gateway.

Configuring OpenLDAP

OpenLDAP consists of slapd and slurpd daemon. This howto covers one LDAP server without a replication, so we will focus only on slapd. I also assume you installed and initialized your OpenLDAP installation (depends on system/distribution). If so, let’s go to the configuration part.

Read more at HowToForge

Source

With GCC 9 embarking upon its third stage of development where the focus ships to working on bug/regression fixes in preparation for releasing the GCC 9.1 stable compiler likely around the end of Q1’2019, here is a fresh look at the GCC 9 performance with its latest development code as of this week compared to GCC 8.2.0 stable while using an Intel Core i9 7980XE test system running Ubuntu Linux. For good measure are also fresh results from LLVM Clang 7.0 stable as well as LLVM Clang 8.0 SVN for the latest development state of that competing C/C++ open-source compiler.

As GCC 9 feature development is ending (aside from any new ports that may still be permitted during GCC Stage 3 development), it’s a good time to check in on how this annual update to the GNU Compiler Collection is looking on the performance front. Both GCC 8.2 and GCC 9.0.0 20181112 were configured and built in the same manner from the Intel SKylake-X test system running Ubuntu 18.10 x86_64 with the Linux 4.18 kernel.

Clang 7.0 and Clang 8.0 SVN were also tested for reference on how that more liberally licensed compiler stack is performing. The CFLAGS/CXXFLAGS were set to “-O3 -march=native” and maintained the same flags throughout the building and benchmarking of all four compiler stacks.

These compiler benchmarks were carried out via the Phoronix Test Suite. As the GCC 9.1 stable release nears (along with Clang 8.0), there will be more compiler benchmarks on a diverse range of hardware for seeing how the performance pans out while this is just a preliminary look given the shift to the next stage of GCC development.

Source

Container Linux by CoreOS is an open source software project that provides system administrators and experienced users with a modern and minimal operating system designed for massive server deployments. It is not based on any existing distribution of Linux and features the latest Linux kernel and Docker technologies for enabling warehouse-scale computing with minimum effort as possible.

Great availability, amazing technologies

The product is distributed as a standard ISO image, which can be burned onto a CD disc or written on a USB flash drive in order to boot it from the BIOS of a PC and install the operating system (detailed installation instructions are provided on the project’s homepage).

In addition to the ISO image, which is supported on both 64-bit and 32-bit instruction set architectures, the project can also be booted over network and installed on a local disk via the PXE (Preboot Execution Environment) and iPXE implementations and boot loaders.

Furthermore, it is supported by various cloud providers, including Amazon EC2, GCE, Brightbox and Rackspace, or deployable as a virtual machine on the QEMU, VMware, OpenStack, Eucalyptus and Vagrant virtualization technologies.

Because of its modern internal design, CoreOS uses with up to 50% less RAM (system memory) than any other existing server operating system. In addition, it makes use of the award winning Docker software project to run applications as containers.

Another interesting feature is the active/passive dual-partition scheme, which will make system updates painless and fast, while providing a rollback functionality. Also, it is designed from the ground up to be clustered, even if it runs on a single machine.

Bottom line

Summing up, CoreOS is a great Linux-based operating system for massive server deployments, which can be used by top-notch Internet companies like Twitter, Facebook or Google to run their services at scale with high flexibility.

Source

Source

System administration is a very reactive role, with sysadmins constantly monitoring networks for issues. Systems engineers, on the other hand, can build a system that anticipates users’ needs (and potential problems). In certain cases, they must integrate existing technology stacks (e.g., following the merger of two companies), and prototype different aspects of the network before it goes “live.”

In other words, it’s a complex job, with a salary to match. …If you want a truly impressive salary, though, consider specializing in Linux systems—that will translate into a $20,000 pay bump.

Source

Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s probably some way that iptables can be a great use to you. Read on as we show you how to configure the most versatile Linux firewall.

About iptables

iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a rule in its list to match it to. If it doesn’t find one, it resorts to the default action.

iptables almost always comes pre-installed on any Linux distribution. To update/install it, just retrieve the iptables package:

sudo apt-get install iptables

There are GUI alternatives to iptables like Firestarter, but iptables isn’t really that hard once you have a few commands down. You want to be extremely careful when configuring iptables rules, particularly if you’re SSH’d into a server, because one wrong command can permanently lock you out until it’s manually fixed at the physical machine.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Types of Chains

iptables uses three different chains: input, forward, and output.

Input – This chain is used to control the behavior for incoming connections. For example, if a user attempts to SSH into your PC/server, iptables will attempt to match the IP address and port to a rule in the input chain.

Forward – This chain is used for incoming connections that aren’t actually being delivered locally. Think of a router – data is always being sent to it but rarely actually destined for the router itself; the data is just forwarded to its target. Unless you’re doing some kind of routing, NATing, or something else on your system that requires forwarding, you won’t even use this chain.

There’s one sure-fire way to check whether or not your system uses/needs the forward chain.

iptables -L -v

The screenshot above is of a server that’s been running for a few weeks and has no restrictions on incoming or outgoing connections. As you can see, the input chain has processed 11GB of packets and the output chain has processed 17GB. The forward chain, on the other hand, has not needed to process a single packet. This is because the server isn’t doing any kind of forwarding or being used as a pass-through device.

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!

Output – This chain is used for outgoing connections. For example, if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.

The caveat

Even though pinging an external host seems like something that would only need to traverse the output chain, keep in mind that to return the data, the input chain will be used as well. When using iptables to lock down your system, remember that a lot of protocols will require two-way communication, so both the input and output chains will need to be configured properly. SSH is a common protocol that people forget to allow on both chains.

Policy Chain Default Behavior

Before going in and configuring specific rules, you’ll want to decide what you want the default behavior of the three chains to be. In other words, what do you want iptables to do if the connection doesn’t match any existing rules?

To see what your policy chains are currently configured to do with unmatched traffic, run the iptables -L command.

As you can see, we also used the grep command to give us cleaner output. In that screenshot, our chains are currently figured to accept traffic.

More times than not, you’ll want your system to accept connections by default. Unless you’ve changed the policy chain rules previously, this setting should already be configured. Either way, here’s the command to accept connections by default:

iptables –policy INPUT ACCEPT

iptables –policy OUTPUT ACCEPTiptables –policy FORWARD ACCEPT

By defaulting to the accept rule, you can then use iptables to deny specific IP addresses or port numbers, while continuing to accept all other connections. We’ll get to those commands in a minute.

If you would rather deny all connections and manually specify which ones you want to allow to connect, you should change the default policy of your chains to drop. Doing this would probably only be useful for servers that contain sensitive information and only ever have the same IP addresses connect to them.

iptables –policy INPUT DROP

iptables –policy OUTPUT DROPiptables –policy FORWARD DROP

Connection-specific Responses

With your default chain policies configured, you can start adding rules to iptables so it knows what to do when it encounters a connection from or to a particular IP address or port. In this guide, we’re going to go over the three most basic and commonly used “responses”.

Accept – Allow the connection.

Drop – Drop the connection, act like it never happened. This is best if you don’t want the source to realize your system exists.

Reject – Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.

The best way to show the difference between these three rules is to show what it looks like when a PC tries to ping a Linux machine with iptables configured for each one of these settings.

Hyperledger Fabric Fundamentals (LFD271) $299

Allowing the connection:

Dropping the connection:

Rejecting the connection:

Allowing or Blocking Specific Connections

With your policy chains configured, you can now configure iptables to allow or block specific addresses, address ranges, and ports. In these examples, we’ll set the connections to DROP, but you can switch them to ACCEPT or REJECT, depending on your needs and how you configured your policy chains.

Note: In these examples, we’re going to use iptables -A to append rules to the existing chain. iptables starts at the top of its list and goes through each rule until it finds one that it matches. If you need to insert a rule above another, you can use iptables -I [chain] [number] to specify the number it should be in the list.

Connections from a single IP address

This example shows how to block all connections from the IP address 10.10.10.10.

iptables -A INPUT -s 10.10.10.10 -j DROP

Connections from a range of IP addresses

This example shows how to block all of the IP addresses in the 10.10.10.0/24 network range. You can use a netmask or standard slash notation to specify the range of IP addresses.

iptables -A INPUT -s 10.10.10.0/24 -j DROP

or

iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP

Connections to a specific port

This example shows how to block SSH connections from 10.10.10.10.

iptables -A INPUT -p tcp –dport ssh -s 10.10.10.10 -j DROP

You can replace “ssh” with any protocol or port number. The -p tcp part of the code tells iptables what kind of connection the protocol uses. If you were blocking a protocol that uses UDP rather than TCP, then -p udp would be necessary instead.

This example shows how to block SSH connections from any IP address.

iptables -A INPUT -p tcp –dport ssh -j DROP

Connection States

As we mentioned earlier, a lot of protocols are going to require two-way communication. For example, if you want to allow SSH connections to your system, the input and output chains are going to need a rule added to them. But, what if you only want SSH coming into your system to be allowed? Won’t adding a rule to the output chain also allow outgoing SSH attempts?

That’s where connection states come in, which give you the capability you’d need to allow two way communication but only allow one way connections to be established. Take a look at this example, where SSH connections FROM 10.10.10.10 are permitted, but SSH connections TO 10.10.10.10 are not. However, the system is permitted to send back information over SSH as long as the session has already been established, which makes SSH communication possible between these two hosts.

iptables -A INPUT -p tcp –dport ssh -s 10.10.10.10 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp –sport 22 -d 10.10.10.10 -m state –state ESTABLISHED -j ACCEPT

Saving Changes

The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes. This command can differ depending on your distribution:

Ubuntu:

sudo /sbin/iptables-save

Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save

Other Commands

List the currently configured iptables rules:

iptables -L

Adding the -v option will give you packet and byte information, and adding -n will list everything numerically. In other words – hostnames, protocols, and networks are listed as numbers.

To clear all the currently configured rules, you can issue the flush command.

iptables -F

Source

Nov 13, 2018 12:20 PM PT

Google announced support for a range of new Android tools for application developers, chief among them the creation of a new support category for foldable devices, at last week’s Developers Summit.

After years of teasing and speculation, it finally looks as though foldable screen smartphones are headed to market. Google’s dev announcement followed closely on the heels of Samsung’s announcement at its own developer conference of a folding phone/tablet prototype with Infinity Flex Display.

The Android tools will take advantage of the new display technology, which literally bends and folds, noted Stephanie Cuthbertson, director of product management at Google. The technology is based on two variations of screen design: two-screen devices and one-screen devices.

Either way, the new devices will look like phones when folded, so they will fit into a pocket or purse. When unfolded, they will display screen continuity seamlessly. For example, as the device unfolds with an active image already in use, the image will transfer to the bigger screen without flutters or distortions.

“Official support from the Android development team means that folding phones are being taken seriously as a new type of device,” said Brandon Ackroyd, head of customer insight at
Tiger Mobiles.

Marketability Unknown

Consumer interest in owning foldable devices is still an unknown factor. It might turn out that if they build them, no one will come.

While Google’s new developer support augurs well for Samsung and other manufacturers working on foldable devices, Ackroyd does not think it means foldable phones are going to be the must-have product of the future.

“Right now, I don’t see the use case or any apparent advantages,” he told LinuxInsider. “What I do see, however, is a proof-of-concept of this type of foldable screen technology, and I think we’re going to see many different products make use of this soon. Perhaps [it will become] the next-generation type wearable that fully wraps around your wrist.”

Foldable mobile devices are not guaranteed to be successful as the technology transitions from concept to reality, observed Charles King, principal analyst at Pund-IT.

“In many ways, smartphone users are the world’s largest community of lab rats, in the sense that so many are willing to follow wherever handset makers lead in terms of new features and functions,” he told LinuxInsider.

It was not so long ago that oversized smartphones made by a few adventuresome vendors were dismissively called “phablets,” he recalled, but today, larger form factors dominate the high end of the market.

Foldables could catch on among consumers who are tired of lugging around phones that resemble paperback books. Those consumers still want large displays for media consumption.

“It will be interesting to see whether that happens, or if buyers simply stick with the designs they know,” said King.

Flexible Future

Given the resources that are available today, manufacturers have a good shot at making foldable screen devices appealing to consumers, suggested Rob Webber, CEO of
MoneySavingPro.

Futuristic-looking foldable smartphones have always been a dream concept, he noted.

“Smartphones have evolved dramatically since they were first invented, especially their displays,” Webber told LinuxInsider, recalling the stylus input before Apple introduced touchscreens that were able to react to the electrical impulses generated by the user’s fingers.

“Now we’re at a stage where edge-to-edge displays are the norm. Some could say that foldable displays are just the next rung on the ladder,” he said.

However, it’s unlikely the new technology will be a simple transition, Webber added. It will face many obstacles before the technology advances. The key to the foldable mobile device being a success is hardware and software integration, which will take time for manufacturers to perfect.

Cost also might be an issue. With the continually rising prices of new smartphones, if foldable devices are going to cost significantly more, they may appeal only to a very niche market, Webber reasoned.

“Having said that, I think we are currently at an exciting stage that marks the beginning of an emerging battle between manufacturers and the start of a very flexible future,” he said.

Potential Exploit and Failure

Money may not be the only cost factor consumers will face if foldable screens catch on. Smaller yet expanding devices may be more appealing to hackers than to consumers, warned Mike Banic, vice president of marketing at
Vectra.

The number of Web searches performed on a mobile device has been increasing steadily. New mobile technology that makes it easier to use mobile devices to create as well as consume information means that attackers will exploit the trend, he told LinuxInsider.

Additionally, the number of mobile vulnerabilities is highest on Android apps, largely due to its open source nature and the questionable security of third-party app stores, Banic said.

“Mechanicals could introduce a point of failure that may cause adoption to stumble,” he noted.

Google Dev Support Wrapup

Google’s plan to bring more Android tools to app developers is part of an ongoing program. The Dev Summit announcements suggest the company has decided to take an aggressive approach.

The new features will be rolled out to a number of developers who are considered “partners.” Availability then will expand further to devs before they eventually become accessible to all.

“It is a solid group of announcements that most Android developers will welcome,” said Pund-IT’s King. “At a time when smartphone market growth appears to have stalled, introducing support for new features and form factors could offer Android device makers what they need to make their products stand out from the crowd and attract customer interest.”

• Updates to Kotlin Programming LanguageKotlin is not a Google-developed language, but it is one that devs have favored. Last week,
  JetBrains released the latest version of Kotlin, 1.3, which brings new language features, APIs, bug fixes and performance improvements.

  It has become the fastest-growing language, in terms of the number of contributors on GitHub, and has been voted the second most-loved language on Stack Overflow.

  In Google’s surveys, the more developers use Kotlin, the higher their satisfaction, according to Google’s Cuthbertson.

• Android JetpackGoogle announced new Jetpack libraries, the next generation of tools and Android APIs to accelerate Android application development. It contains two new Architecture Component libraries: Navigation and Work Manager, that will move to Beta this month.

  The Navigation Architecture Component offers a simplified way to implement Android’s navigation principles in an application. Plus, the new Navigation Editor in Android Studio creates and edits navigation architecture.

  

  Jetpack Navigation Editor

  This eliminates navigation boilerplate while adding atomic navigation operations with easier animated transitions and more. WorkManager makes it easy to perform background tasks in the most efficient manner, choosing the most appropriate solution based on the application state and device API level.

• SlicesGoogle moves Android Slices to public Search experiments. Slices is a new way to bring users to an app. It works like a mini snippet of an app that surfaces content and actions.

  “Aside from the foldable announcement, the most interesting angle was the further development of Google Slices. This new concept allows Android apps to push relevant components and features of their apps into other places, such as the Google Search,” said Tiger Mobiles’ Ackroyd.

  By loading a small part of an app right from the search results, users can get a near-native app experience without actually fully opening the app, he said. For example, if you google ‘What is the Tesla stock price?’ and you have a stocks app installed, that app can use a ‘slice’ to give you the info.

  Google announced the concept of Slices with Android 9 Pie. This new paradigm allows apps to surface relevant components and features in natural places, like Google Search.

  This month, Google will make Slices available as part of a public Early Access Program with partners. Google also will begin experiments in the Search app to surface various Slices when relevant.

• Android StudioAndroid Studio, Google’s official IDE for Android development, has a new focus on productivity, build speed, quality and fundamentals.

  Google launched Android Studio 3.3 beta 3 last week. Upcoming releases will add a strong focus on quality and fundamentals. Google also announced the development of Android Studio on Chrome OS early next year.

• Android App Bundles and Dynamic FeaturesThe Android App Bundle is the new publishing format that serves only the code and resources users need to run an app on their specific devices. It will reduce app sizes with an average of 35-40 percent savings compared to a universal APK.

  The app bundle now supports uncompressed native libraries. With no additional developer work needed, the app bundle now makes apps using native libraries an average of 8 percent smaller to download and 16 percent smaller on disk on M+ devices.

• In-app Updates APIGoogle is giving devs more controls to ensure that users run the latest and greatest version of their apps. In-app Updates API will give devs two options.

  The first is a full-screen experience for critical updates when you expect the user to want the update to be applied immediately.

  The second option is a flexible update. It lets users continue with the existing installed version while the update is downloaded. The developer can use it to ensure that users have the most up-to-date version, because the app can be pushed to install in the background using the automatic updates feature.

• Instant DiscoveryGoogle hopes to make instant apps easier to adopt. The company recently made the use of Web URLs optional, so devs can send their existing Play Store deep link traffic to their instant experience if it is available.

  Also, Google raised the instant app size limit to 10 MB for the Try Now button on the Play Store and Web banners for greater adoption ease.
  

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source