Linux Blimp

News briefs for October 22, 2018.

Greg Kroah-Hartman released
Linux kernel 4.19 this morning and handed the kernel tree back to
Linus, writing “You can have the joy of dealing with the merge window.”

Linus Torvalds “is meeting with Linux’s top 40 or so
developers at the Maintainers’ Summit”, at the Open Source Summit Europe in
Edinburgh, Scotland, ZDNet
reports. He isn’t scheduled to speak, but “this is his first step back
in taking over Linux’s reins.”

Linspire
8.0 RC1 was released over the weekend. The stable release is
expected in December (don’t use this release in production environments),
and RC2, which should be more feature-complete, is expected in November.
Among other changes, in this version, iMac Pro support has been improved
and Oracle Java is now in the repositories. It uses the MATE 1.20.1
desktop, kernel 4.15 and Chrome 69.

IPFire 2.21 – Core Update 124 is out, and according to the release
announcement, it “brings new features and immensely improves security and
performance of the whole system”. It’s now available on AWS
EC2, is
updated to kernel version 4.14.72 and the security of its SSH daemon has
been improved, among other new features.

A recently discovered Apache vulnerability could affect thousands of
applications. Dark
Reading reports that the issue is with “the way that thousands of code
projects are using Apache .htaccess, leaving them vulnerable to
unauthorized access and a subsequent file upload attack in which
auto-executing code is uploaded to an application.”

Source

 

 

Last week following the launch of the RTX 2070 Turing graphics cards, I carried out some initial RTX 2070 compute benchmarks including of TensorFlow and more common OpenCL/CUDA workloads. The GPU compute performance for this $499+ Turing GPU was quite good and especially for INT16 test cases often beating the GTX 1080 Ti. Available now are the Linux gaming benchmarks for the GeForce RTX 2070 compared to an assortment of other NVIDIA GeForce and AMD Radeon graphics cards on Ubuntu 18.10.

 

 

As a quick recap, the GeForce RTX 2070 has 2304 CUDA cores, 1410MHz base clock, 1620MHz boost clock, and is capable of 42T RTX-OPS and 6 Giga Rays/s for ray-tracing, granted it will likely be some time before seeing any serious Linux games with RTX/ray-tracing support. The GeForce RTX 2070 graphics cards rely upon 8GB of GDDR6 video memory yielding 448GB/s of memory bandwidth.

 

 

The base pricing of the GeForce RTX 2070 starts at $499 USD while the Founder’s Edition retails for $599. With not receiving a review sample, I ended up buying the EVGA GeForce RTX 2070 XC GAMING (08G-P4-2172-KR). This EVGA GeForce RTX 2070 model ended up costing $549 USD and was the cheapest model available on launch day but since then more RTX 2070 graphics cards from NVIDIA’s AIB partners have become available, including around the $500 price point.

 

 

These GeForce RTX 2070 Linux gaming benchmarks were done using Ubuntu 18.10. All of the NVIDIA tests were done with the latest NVIDIA 410.66 driver while on the Radeon side was using the Linux 4.18 kernel and Mesa 18.2.2 as shipped by Ubuntu 18.10; while normally I am using Mesa Git for Radeon gaming benchmarks, currently there are several regressions leading to lower performance, etc. So for this comparison Mesa 18.2.2 + Linux 4.18 as the latest stable code makes the most sense.

 

The graphics cards freshly tested this comparison included the:

 

– GeForce GTX 970

– GeForce GTX 980

– GeForce GTX 980 Ti

– GeForce GTX TITAN X

– GeForce GTX 1060

– GeForce GTX 1070

– GeForce GTX 1070 Ti

– GeForce GTX 1080

– GeForce GTX 1080 Ti

– GeForce RTX 2070

– GeForce RTX 2080 Ti

– Radeon RX 580

– Radeon RX Vega 56

– Radeon RX Vega 64

 

 

A variety of Linux-native OpenGL and Vulkan games were tested on the brand new Core i9 9900K system, making for an even more interesting comparison. All of the benchmarks were carried out via the Phoronix Test Suite and in addition to the raw gaming performance are also performance-per-Watt and performance-per-dollar metrics.

 

Before getting to the results, if you appreciate all of my Linux hardware benchmarking, consider showing your support by joining Phoronix Premium to get access to the site ad-free, multi-page articles on a single page, and other benefits — that and PayPal tips also make it possible to purchase hardware such as the EVGA RTX 2070 used in this review.

Source

How create Mysql User, Database and set privileges to user on linux?

How create Mysql User, Database and set privileges to user

[ravi@linuxforfreshers.com~]$ mysql –u
root –p

password:

mysql> create user ‘ravi’@’localhost’
identified by ‘123456’;

mysql> create database if not
exists `ravidb`;

mysql> grant all on ravidb.* to ravi@linuxforfreshers.com
identified by “123456” with grant option;

[ravi@linuxforfreshers.com~]$ mysql ravidb
-u ravi -p

mysql> show databases;

mysql> use ravidb;

Source

Oct 22, 2018, 04:00 (Other stories by Marius Nestor)

Google’s engineers have been working for months to add Picture-in-Picture (PiP) support to the Google Chrome web browser, but the long-anticipated feature is finally here, enabled by default in the latest version for Linux, Mac, and Windows operating systems. The feature lets you detach a video in a floating window so you can watch it while doing something else on your computer. Picture-in-Picture (PiP) in Google Chrome works only on websites that implement this feature in their media player, but it can be enabled on any website with the Picture-in-Picture extension created by Fran??ois Beaufort. For YouTube videos, Chrome users will have to right-click twice on the playing video and choose the “Picture in picture” option.

Complete Story

Source

Mod_deflate is an apache module. Prior to having mod_deflate it was mod_gzip. Post apache 2.0 mod_deflate is used, it provides a slightly better compression than mod_gzip. It allows the size of certain file types to be compressed which in-turn allows clients to be able to download these files faster. This will cause the site itself to load faster for the clients as well as part of the formula for better page ranking. You can read more about mod_deflate on Apache.org.

Requirements:

This guide assumes you already have Apache running as a webserver. If you don’t, please see Install Apache on CentOS

Enable the mod_deflate module

The deflate module is part of the apache core package, so there is no need to compile additional modules, all that is required is to enable in the Apache configuration.

Verify its not already loaded:

# httpd -M 2>&1|grep deflate
#

Edit the main Apache configuration:

nano /etc/httpd/conf/httpd.conf

Un-comment the following line:

LoadModule deflate_module lib/apache/mod_deflate.soRestart apache to confirm the module loaded

service httpd restart

Check for the loaded module again, you should see it return a result

# httpd -M 2>&1|grep deflate
deflate_module (shared)

Configure mod_deflate

Create a new configuration file:

nano /etc/httpd/conf.d/deflate.conf

Add the following

<filesMatch “.(js|.css|html|txt)$”>
SetOutputFilter DEFLATE
</filesMatch>
DeflateCompressionLevel 7
DeflateMemLevel 8
DeflateWindowSize 10

DeflateCompressionLevel – this is the compression level applied, the default is 9, which is the highest level. The higher the compression level the more CPU it will use.
DeflateMemLevel – The amount of memory zlib, the compressing library can use. The default value is also 9, which is the highest.
DeflateWindowSize – The compression window size. By default the value is 15 which is the highest level.

This will compress .js, .css, .html, and .txt files. Attempting to compress images will actually return a larger file size so mod_deflate only really provides an advantage on text based files.

Once you have added the configuration settings, you would then just restart Apache to load everything in.

service httpd restart

That is it for adding mod_deflate to Apache.

Jun 26, 2017LinuxAdmin.io

Source

Source: DarkReading – Posted by Brittany Day

Vulnerabilities in Apache functions have been at the root of significant breaches, including the one suffered by Equifax. Now new research indicates that another such vulnerability may be putting thousands of applications at risk. Lawrence Cashdollar, a vulnerability researcher and member of Akamai’s Security Incident Response Team, found an issue with the way that thousands of code projects are using Apache .htaccess, leaving them vulnerable to unauthorized access and a subsequent file upload attack in which auto-executing code is uploaded to an application.

Read this full article at DarkReading

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Source

Kali Linux 2017.1 Xfce Installation on VMware Workstation

This video tutorial shows

Kali Linux 2017.1 Xfce installation

on VMware Workstation/Player step by step. This tutorial is also helpful to install Kali Linux Xfce 2017 on physical computer or laptop hardware. We also install

VMware Tools

(Open VM Tools) on Kali Linux 2017 Xfce for better performance and usability features such as Fit Guest Now, Drag-Drop File and Clipboard Sharing.

Kali Linux 2017.1 Xfce Desktop Installation Steps:

1. Download Kali Linux 2017.1 Xfce ISO
2. Create Virtual Machine on VMware Workstation/Player
3. Start Kali Linux 2017.1 Xfce Installation
4. Install VMware Tools (Open VM Tools)
5. Test VMware Tools Features: Fit Guest Now, Drag-Drop File and Clipboard Sharing

 

Kali Linux 2017.1 New Features and Improvements

Kali Linux

is a Debian-based distribution which features several security and forensics tools. Kali Linux 2017.1 features drivers for RTL8812AU wireless chipsets, improved GPU support and there are now Azure and AWS images of Kali Linux for cloud instances. Kali Linux 2017.1 brings with it a bunch of exciting updates and features. As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools.

Kali Linux Website:

https://www.kali.org/

What is Xfce Desktop Environment?

Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly. It includes a window manager, a file manager, desktop and panel.

Xfce Desktop Website:

https://www.xfce.org/

Hope you found this Kali Linux 2017.1 Xfce installation tutorial helpful and informative. Please consider sharing it. Your feedback and questions are welcome!

Source

One of the great aspects of Linux is the customization that users can adopt to make their experience unique, and one of the easiest customization features is that of the desktop, with wallpapers. Usually, setting a wallpaper is as simple as right-clicking on the Desktop to bring up the Wallpaper manager and making a choice, but what if you have multiple monitors and would like a different image on each?

Release the Hydra! (paper)

HydraPaper is a slick tool that lets you set a different background on each monitor within the GNOME desktop. It is built with the GTK toolset which means that compatibility should be good, as will downloading the necessary dependencies. The application also supports MATE and Budgie desktops, but for this article we are concerned with GNOME.

Installation

By far the easiest way to install HydraPaper is via Flatpak and FlatHub.

To install Flatpak on Ubuntu, open a Terminal, add the PPA, and type the following commands:

sudo apt-add-repository ppa:alexlarsson/flatpak

Once this is done, then update to load the new repository and install with the following:

sudo apt-get update && apt-get install gnome-software-plugin-flatpak

After this is complete, if you decide to use FlatHub (which makes things easier) then add the repository:

sudo flatpak remote-add –if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Now restart your system.

Flatpak apps will be available within the Ubuntu Software Center. Search for HydraPaper, and it should appear. When it does, then simply click to install as you would any other package in Ubuntu.

Additionally, Flatpak is now supported in several major distributions, meaning it is widely accessible to users. You can find full instructions for your distribution of choice here.

Ready, Set … Wallpaper!

Once installed, the application can be found in the normal Applications menu. Click on it to start as you would any other application. When it opens, the images within your Pictures folder will be displayed, which is the default location. Should you wish to change this, you can.

Add your own folders where you keep images, and then these can be used. However, one caveat is that the application doesn’t dig down into your folders for nested folders and the images within them. Only those within the top folder will be selected.

One great aspect of the application is the ease of use.

By clicking on the icon in the upper-left corner, you can choose your image folders. Then once these are loaded, it is just a case of clicking the wallpaper that you want on the respective monitor. HydraPaper will also identify the monitors that are connected and distinguish between them based on their connection type. As you can see below, it supports HDMI, DVI and others.

HydraPaper will also remember the wallpaper selections that you pick between reboots.

At this point it seems HydraPaper is pretty flawless. However, it is not all great news. There are times when HydraPaper tends to combine wallpapers that have previously been used across separate monitors into one image. This happens when you remove the external monitor or if your connection somehow fails. It joins them together, which can look fairly garish if you have two contrasting images creating a split-screen effect.

Neither does the application support more than two monitors. For this you would need an alternative solution such as Syncwall. Unfortunately, the only place I could find online was here and mainly for Ubuntu-based systems.

Uninstalling HydraPaper

Should you desire, you can uninstall HydraPaper by entering the following in the Terminal:

sudo flatpak uninstall org.gabmus.hydrapaper

So what do you think? Is HydraPaper going to be the way that you pick your wallpapers from now on, or do you have a much easier or perhaps effective method? Let us know in the comments section.

Source

Bridge Constructor Portal, the rather amusing cross-over has been updated with a built-in level editor along with Steam Workshop support.

See Also: My previous thoughts on the game.

This was a feature that I weirdly didn’t consider back when trying it out originally in December of last year. While it has quite a number of levels built in, it’s certainly a game that benefits greatly from community made content. It helps player engagement and helps to increase the lifespan of games quite a bit when done right.

Pictured: A level from the Steam Workshop.

The fact that the level editor is built-in is good for us too, since it means Linux gamers can build, upload and download new levels to try out. The editor allows you to adjust the entry and exit for the test vehicles, add portals, buttons, hazardous goo, ramps and all sorts. It’s actually quite amusing, since it allows you to quickly test and edit any time and it’s really easy to use.

The only slight annoyance is that you need to reload the game after downloading levels, would have been better if it detected, downloaded and then updated the list without needing to do so. Aside from that, it’s a great addition to an already fun game.

Find it on Humble Store and Steam.

Source

CloudLinux 6 kernel version 2.6.32-954.3.5.lve1.4.58 is now available for download from our production repository.

Fixed CVE list:

• CVE-2018-3620, CVE-2018-3646: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
• CVE-2018-3693: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.
• CVE-2018-5390: A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.
• CVE-2018-3639: Kernel Side-Channel Attack using Speculative Store Bypass. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.
• CVE-2018-10901: A flaw was found in Linux kernel’s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host’s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
• CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.
• CVE-2018-7566: ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
• CVE-2018-1000004: In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Bugfixes:

• CKSIX-198: fixed ext4 file system Read-only remounts with Memory limits applied;
• CKSIX-190: disabled the ‘atomic file position’ mode due to possible locking starvation when IO limits are used;
• CKSIX-189: FS: fixed reference counting in user quotas;
• CKSIX-202: fixed Xen PV guest booting.

To update the kernel, run:

yum install kernel-2.6.32-954.3.5.lve1.4.58.el6

Source