Bridge Constructor Portal now has a built-in level editor and Steam Workshop support

Bridge Constructor Portal, the rather amusing cross-over, has been updated with a built-in level editor along with Steam Workshop support.

See Also: My previous thoughts on the game.

This was a feature that I weirdly didn’t consider back when trying it out originally in December of last year. While it has quite a number of levels built in, it’s certainly a game that benefits greatly from community made content. It helps player engagement and helps to increase the lifespan of games quite a bit when done right.


Pictured: A level from the Steam Workshop.

The fact that the level editor is built-in is good for us too, since it means Linux gamers can build, upload and download new levels to try out. The editor allows you to adjust the entry and exit for the test vehicles, add portals, buttons, hazardous goo, ramps and all sorts. It’s actually quite amusing, since it allows you to quickly test and edit any time and it’s really easy to use.

The only slight annoyance is that you need to reload the game after downloading levels; it would have been better if it detected, downloaded and then updated the list without needing to do so. Aside from that, it’s a great addition to an already fun game.

Find it on Humble Store and Steam.

Source

CloudLinux 6 kernel updated – CloudLinux OS Blog

CloudLinux 6 kernel updated

CloudLinux 6 kernel version 2.6.32-954.3.5.lve1.4.58 is now available for download from our production repository.

Fixed CVE list:

  • CVE-2018-3620, CVE-2018-3646: Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.
  • CVE-2018-3693: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.
  • CVE-2018-5390: A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.
  • CVE-2018-3639: Kernel Side-Channel Attack using Speculative Store Bypass. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.
  • CVE-2018-10901: A flaw was found in Linux kernel’s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host’s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
  • CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely.
  • CVE-2018-7566: ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
  • CVE-2018-1000004: In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Bugfixes:

  • CKSIX-198: fixed ext4 file system Read-only remounts with Memory limits applied;
  • CKSIX-190: disabled the ‘atomic file position’ mode due to possible locking starvation when IO limits are used;
  • CKSIX-189: FS: fixed reference counting in user quotas;
  • CKSIX-202: fixed Xen PV guest booting.

To update the kernel, run:

yum install kernel-2.6.32-954.3.5.lve1.4.58.el6

Source

Red Hat underpins the growing importance of Linux and open source

Red Hat’s new vice president and general manager of its RHEL Business Unit, Stefanie Chiras, enthusiastically embraces the growing importance of Linux.


While you may not spend a lot of time thinking about this, the role Linux plays in the technology that we all use every day is growing quite significantly. In an effort to more fully appreciate this, I had an opportunity to speak with the new vice president and general manager of Red Hat’s RHEL Business Unit — Dr. Stefanie Chiras — and ask about her vision for RHEL and Linux in general. She was very enthusiastic — not just for Red Hat, but for the open source movement overall and the rising importance of Linux.

Chiras started with Red Hat in July — not quite four months ago — and already describes herself as a “true Red Hatter.” She explained that she has had a serious focus on Linux for the last six years or more. As she points out, we all do development differently these days because of the open source movement. The changes in just the last five years have moved us to very different ways of doing things whether we’re working on public or private clouds, containers, or bare metal.

During the interview, I learned to properly pronounce “RHEL,” which I’d in the past always expanded to its full name (Red Hat Enterprise Linux). Chiras — and probably everyone else at Red Hat — simply says “rel” as in the beginning of “relevant.”

Chiras was most excited about joining Red Hat at what she sees as a pivotal point with Linux providing greater stability and security and the rapid current of innovation. Developers are increasingly turning to Linux for rapid deployment, using tools such as OpenShift for rapid delivery.

Linux is everywhere

Linux is playing an increasingly important role in all of our lives. In fact, it has become one of the most important pieces of computer software in the world. Even those of us who don’t own or manage Linux systems probably use it every day — on our phones and tablets, through the web pages that we frequent, when we check our friends’ Facebook pages, when we find our way to websites using Google, or when we research topics on Wikipedia. Those of us who manage Linux systems have probably noticed that we’re not so much the oddballs on the tech staff that we were five or 10 years ago. The systems we set up and manage are moving to the mainstream and providing more important services than they ever did in the past.

What the increase in Linux means to us

Linux skills are increasingly valuable. Regardless of the technology in use, the OS is just as important as ever — on every platform and not at all diminished.

How everything comes together is vital and exciting. Open source and Linux in particular have dramatically changed the computing world and brought us to an increasingly flexible, powerful, and fast moving technological landing pad. Developers and Linux professionals are as important as ever. Put on your seat belts, and try to keep up. We’re all going places, and the technology that’s moving us forward is very exciting.


Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as “USL” (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she’s chasing the bears away from her bird feeders.

Source

Can Open Source Approach Improve Japan’s Blockchain Voting?

Last updated September 11, 2018 By Avimanyu Bandyopadhyay

Besides Switzerland and the USA, Japan is now the most recent implementer of Blockchain in its voting system. Let’s take a look at the news in brief and also the current challenges in the model. Can Open Source help in tackling them?

To learn more on Blockchain, please look into one of our previous articles where we have discussed Blockchain in detail.

First let us look into the voting system into which Blockchain was implemented at Tsukuba, Japan.

Just as the USA allocates Social Security Numbers (SSN), Japan has a similar system called My Number, launched in October 2015, which assigns a unique 12-digit identification number.

By transferring and integrating all of these records into a Blockchain, voters can now be uniquely identified digitally, making the voting process very convenient, as described by the mayor of Tsukuba, Tatsuo Igarashi:

“I had thought [Blockchain] would involve more complicated procedures, but I found that it’s minimal and easy.”

Tsukuba Mayor, Tatsuo Igarashi

The following video highlights his views and also mentions a setback in the new system.

Complete details of the initiative (translated) are available on the Tsukuba city page.

Though integrating Blockchain with the “My Number” system makes the voting process easier, there are some notable setbacks that need to be dealt with in order to improve this voting system, one of which is described in the video.

Tackling Blockchain based Voting System Challenges with an Open Source Approach


The first setback is a necessary requirement to remember passwords as shown in the video above. It’s a common scenario where voters can easily forget them.

Well, a solution to eliminate such an issue could be initiatives like Remme.io, where they are building an Open Source Distributed Public Key Infrastructure (PKI) protocol to make passwordless authentication possible. This Open Source code base is freely accessible on GitHub. There are more passwordless authorization systems from six other Blockchain solution providers as well:

Obtained from Remme’s business model overview report located here

Another challenge is probable fear among people about how trustworthy this system really is.

Prof. Kazunori Kawamura of Tohoku University, who is already familiar with online voting and specializes in Political Informatics, expressed his views on the same:

“Due to fears of errors, administrative organizations and election boards are likely to find it difficult to introduce [Blockchain].”

Tohoku University Prof. Kazunori Kawamura

The best way to tackle this situation would be to bring in the use of Open Standards, which would make the entire model transparent (We have mentioned Open Standards in our first Science article). Tech Communities can come together in raising awareness about this new Blockchain based model to encourage more people to adopt this system.

Code that is being used for the development of Blockchain based platforms can be declared Open Source, to enable experts in the field to easily contribute to making eVoting better and better. One example for this is Democracy.earth, who have their entire code base available on GitHub.

It should be noted that Japan has indeed adopted an Open Model into its Blockchain practices before conducting this voting experiment. A Japanese Internet Giant launched an Open Source Blockchain Project on July 6 last year.

Also, on June 26 and 27 this year, Japan held their first International Blockchain Conference at Tokyo, where more than 100 technologists participated in sharing their knowledge in the field, with approximately 10,000 visitors!

Do you like the idea of an Open Source powered Blockchain based Voting System? Would you like your locality to adopt the idea? Feel free to share your thoughts about it in the comments section below.

About Avimanyu Bandyopadhyay

Avimanyu is a Doctoral Researcher on GPU-based Bioinformatics and a big-time Linux fan. He strongly believes in the significance of Linux and FOSS in Scientific Research. Deep Learning with GPUs is his new excitement! He is a very passionate video gamer (his other side) and loves playing games on Linux, Windows and PS4 while wishing that all Windows/Xbox One/PS4 exclusive games get support on Linux some day! Both his research and PC gaming are powered by his own home-built computer. He is also a former Ubisoft Star Player (2016) and mostly goes by the tag “avimanyu786” on web indexes.

Source

Download Mozilla Firefox Linux 63.0

The Mozilla Firefox project is a redesign of Mozilla’s browser component, written using the XUL user interface language and designed to be cross-platform, supporting Linux, Android, Microsoft Windows and Mac OS X operating systems. It is a fast, small and very easy-to-use web browser/navigator/explorer that offers many advantages over other similar products, such as the ability to block pop-up windows and the feature-rich tabbed browsing experience.

Features at a glance

The application offers a well designed graphical user interface that integrates search (powered by Google, Bing, Yahoo, etc.), and industry leading accessibility with Find As You Type – find links and page text by simply typing. As mentioned before, the Firefox browser features comprehensive pop-up controls, which will keep unwanted advertising off your desktop. A tab browsing mode will let you open several pages in a single window, allowing you to load links in the background without leaving the page you’re on.

Powerful plugin architecture

Moreover, the Mozilla Firefox web browser includes simplified privacy controls that let you cover your tracks more effectively, and a streamlined browser window that allows you to see more of the page than any other web browser, while at the same time being more configurable. A large variety of free downloadable extensions and themes that add specific functionality and visual changes to the browser are available to users from the official Mozilla website.

Features a Private Mode

The Private Mode, the ability to Pin tabs, which will always be there when you need them (even after a restart), the powerful Firefox Sync functionality that helps users to keep all of their passwords, bookmarks, browsing history, preferences, tabs, and add-ons in perfect sync across multiple devices, and much more other amazing features are all part of the world’s best web browser, Mozilla Firefox.

Better than Google Chrome and Opera

Because the Opera and Google Chrome web browsers are now based on Chromium, which has a poor collection of extensions, the Mozilla Firefox web browser became the number one choice for many Linux-based operating systems, including Ubuntu, Linux Mint, Debian, openSUSE, Fedora, Red Hat Enterprise Linux, and others.

Softpedia uses Mozilla Firefox

Here at Softpedia, we use the Mozilla Firefox web browser every day on multiple computers with different hardware configurations. The application works exceptionally and it does the job very well, helping us to do our work much better than if we were using a different web surfing product. We strongly recommend using the Mozilla Firefox web browser for all your Internet surfing needs on a daily basis. You will not regret it!

Source

Testing Kubernetes RBAC | Linux.com

Securing your Kubernetes cluster is one thing, keeping it secure is a continuous uphill struggle. However, with the introduction of new features to Kubernetes it is becoming much easier to do both.

Kubernetes (as of version 1.6) has introduced the concept of Role-Based Access Control (RBAC), which allows administrators to define policies that restrict the actions of users of your cluster. This means it is possible to create a user with limited access, allowing you to restrict access to resources such as Secrets, or to limit that user's access to a specific Namespace.

This blog post will not look at how to implement RBAC, as there are many decent sources of information that cover it in vast detail:

Instead, this post will focus on how to ensure your business’s compliance needs and requirements are actually being adhered to. To do that, we need to test our applied RBAC objects to ensure they do what we intend them to do.

Read more at Medium

Source

how to check list of opened and closed port in linux ?

There are different commands on both Linux and UNIX servers to see which TCP/UDP ports are listening or open on your server. You can use the netstat command, which prints network connections, routing tables, interface statistics, masquerade connections, multicast memberships, etc.

Method 1:

netstat command to find open ports

ravi@linuxforfreshers.com>>sudo netstat --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:1234 *:* LISTEN
tcp 0 0 *:8084 *:* LISTEN
tcp 0 0 192.168.122.1:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 *:7070 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:ipp [::]:* LISTEN
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN
udp 0 0 *:39505 *:*
udp 0 0 *:ipp *:*
udp 0 0 *:mdns *:*
udp 0 0 *:mdns *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 12950 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 18259042 @atpl-com.canonical.Unity.Scope.rhythmbox.T516689809663571
unix 2 [ ACC ] STREAM LISTENING 19096 /run/user/1000/keyring-n7CcyZ/control
unix 2 [ ACC ] STREAM LISTENING 22589 @/tmp/.ICE-unix/3779
unix 2 [ ACC ] STREAM LISTENING 21540 @/tmp/dbus-u6IauIGH5I

To display open ports and established TCP connections, enter:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8084 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7070 0.0.0.0:* LISTEN

To display only open UDP ports try the following command:

ravi@linuxforfreshers.com>>sudo netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:39505 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*

● -l = only services which are listening on some port

● -n = show port number, don’t try to resolve the service name

● -p = name of the program

To display the list of open ports, enter:

To display all open files, use:

To display all open IPv4 network files in use by the process whose PID is 10050, use:

# lsof -iTCP -sTCP:LISTEN

Quickest way to test if a TCP port is open (including any hardware firewalls you may have), is to type, from a remote computer (e.g. your desktop):

telnet hostip port_number

ravi@linuxforfreshers.com>>telnet 192.168.101.156 22
Trying 192.168.101.156…
Connected to 192.168.101.156
Escape character is ‘^]’.

ravi@linuxforfreshers.com>>telnet localhost 22

ravi@linuxforfreshers.com>>ss -lntu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp UNCONN 0 0 *:39505 *:*
tcp UNCONN 0 0 *:631 *:*
tcp UNCONN 0 0 *:5353 *:*
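The listings above show which ports are open, but for an audit the bind address matters as much as the port: a service on 0.0.0.0 is reachable from the network, while one on 127.0.0.1 is not. The following is an added example, not part of the original article: a shell function that reads numeric netstat output (as produced with the -n flag described above) and labels each listening socket by exposure. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# classify_listeners: read numeric netstat output on stdin and print
# "<exposure> <proto> <address> <port>" for every listening socket.
# (Hypothetical helper written for this example.)
classify_listeners() {
    awk '
    # Socket rows only: tcp/tcp6 in LISTEN state, or any udp/udp6 row
    # (UDP has no LISTEN state, so netstat leaves that column empty).
    ($1 ~ /^tcp6?$/ && $NF == "LISTEN") || $1 ~ /^udp6?$/ {
        local_addr = $4
        # The port is everything after the last colon; this also
        # handles IPv6 forms such as :::22 and [::]:22.
        n = match(local_addr, /:[^:]*$/)
        if (n == 0) next
        host = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        gsub(/\[/, "", host)
        gsub(/\]/, "", host)
        if (host == "0.0.0.0" || host == "::" || host == "*")
            exposure = "ALL-INTERFACES"
        else if (host ~ /^127\./ || host == "::1" || host == "localhost")
            exposure = "LOOPBACK-ONLY"
        else
            exposure = "SINGLE-ADDRESS"
        print exposure, $1, host, port
    }'
}

# exposed_ports: reduce the classification to a sorted, de-duplicated
# proto/port list of sockets bound to every interface.
exposed_ports() {
    classify_listeners |
        awk '$1 == "ALL-INTERFACES" { print $2 "/" $4 }' |
        LC_ALL=C sort -u
}

# Constructed sample input in the column layout shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.101.156:22 192.168.101.20:51514 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:631 0.0.0.0:*
EOF
}

sample_netstat | classify_listeners
```

On a live host, pipe `sudo netstat -tuln` into `classify_listeners` instead of the sample, and compare the `exposed_ports` list against the services the machine is supposed to offer.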

 

Source

How To Setup SSH Key Authentication

SSH Key generation

SSH key authentication can be used for password-less login between 2 servers. This is also useful for adding a key to accounts like git or gitlab for version management.

Source Server SSH Key Configuration

Generate an RSA key for this system by typing the following:

ssh-keygen -t rsa

ssh-keygen will ask for a location to store the newly created key; the default is the .ssh directory under the home directory of the user creating it. It will also ask you for a passphrase, which you can optionally leave blank.

Destination Server SSH Key Configuration

On the source server you can use ssh-copy-id to copy over the id_rsa.pub file to the new server. It will use the SSH protocol to copy over the public key and insert it into the authorized_keys file on the destination server. To read more about ssh-copy-id you can read the man page.

ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.1.3

Replace 192.168.1.3 with the appropriate host name of the destination server, and user with the user you would like to add the key to.

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@192.168.1.3's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'user@192.168.1.3'"
and check to make sure that only the key(s) you wanted were added.

Manual SSH Key Configuration on the Destination Server

First verify if you already have a .ssh directory

ls ~/.ssh

If you do not you will want to create the following directory

mkdir ~/.ssh

You will also want to create authorized_keys file

touch ~/.ssh/authorized_keys

You will then want to copy the public key from the source server in to the authorized_keys file. You can do this by copying the id_rsa.pub on the source server.

scp ~/.ssh/id_rsa.pub [email protected]_host:~/.ssh/authorized_keys
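Two details of the manual steps above matter in practice: copying a file onto authorized_keys with scp replaces any keys already in it, and sshd with its default StrictModes setting ignores the file if ~/.ssh or authorized_keys is writable by other users. The following is an added example, not part of the original article: a function to run on the destination server that appends a public key, skips duplicates and sets the permissions. The name install_pubkey, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Append one public key to HOME_DIR/.ssh/authorized_keys without
# replacing keys that are already there. (Hypothetical helper.)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse private keys: id_rsa must never leave the source server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # Use the first line only and require "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 4 ;;
    esac

    # Create the directory and file private from the start, then
    # tighten permissions in case they already existed.
    (
        umask 077
        mkdir -p "$ssh_dir"
        touch "$auth"
    ) || return 5
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Compare on key type + key material and ignore the comment,
    # so the same key is never listed twice.
    material=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$material" "$auth"; then
        echo "already installed"
        return 0
    fi

    # If the file does not end in a newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}

# Demo in a throwaway directory with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleKey user@source' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home"   # first run appends
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home"   # second run is a no-op
rm -rf "$demo_dir"
```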

Root SSH Key Configuration

If you are adding keys to a root user on the destination server, you will want to ensure the sshd configuration allows remote root logins, with either of the following 2 options enabled in /etc/ssh/sshd_config:

PermitRootLogin yes

Which will allow root logins with both passwords and keys.

PermitRootLogin without-password

Which will allow root logins only with keys

If you modify the ssh configuration, you will need to reload sshd to load the new configuration

/etc/init.d/sshd reload

After you have added the key to the destination server, ssh from the source server; it should allow you to log in using the key.

Jul 4, 2017 LinuxAdmin.io

Source

Slack for the CLI – Sclack — The Ultimate Linux Newbie Guide


At work, I’m always working at the Terminal. I have my email (mutt), a few bash terminals for looking after servers and cutting some code, my Facebook messenger (see messer) and my workplace instant messenger of choice, Slack. I combine all of this in tmux, so I can switch workstreams in a keypress or two. No moving those hands off the keyboard. The rodent stays idle.


If you’ve not already heard of Slack, it is quickly becoming one of the most popular instant messaging platforms for workplaces. It integrates with many tools that are commonplace in technology companies, and it is easy to use.

I have tried a number of Terminal based Slack clients, and for various reasons, they’ve always been ditched in favour of the official Linux Slack client, or the website version. They just didn’t work great. Sclack is different, it uses keybindings I’m used to (in my case ViM keybindings), it’s colourful and it even supports giphy! (well, kind of!).

To install Sclack, you’re going to need to have Python 3 & pip3 installed on your machine if you don’t already have it:

sudo apt install python3-pip

Once you have pip3, simply run the following commands:

git clone https://github.com/haskellcamargo/sclack.git
cd sclack
pip3 install -r requirements.txt
chmod +x ./app.py
./app.py

Run ./app.py after giving the correct permissions (chmod 755 app.py for example). If you don’t have a ~/.sclack file, you can generate one by providing your workspace token. You can change the theme, enable or disable images, emojis, markdown, configure keyboards and everything else in the config.json file.

Sclack looks lovely, works the way I want, and does pretty much everything you need from a Slack client!

You can check out the author’s github website here: https://github.com/haskellcamargo/sclack

Source

cairo release 1.16.0 now available [LWN.net]

cairo release 1.16.0 now available

[Development] Posted Oct 20, 2018 14:57 UTC (Sat) by jake

After four years of development since 1.14.0, version 1.16.0 of the cairo 2D graphics library has been released. “Of particular note is a wealth of work by Adrian Johnson to enhance PDF functionality, including restoring support for MacOSX 10.4, metadata, hyperlinks, and more.

Much attention also went into fonts, including new colored emoji glyph support, variable fonts, and fixes for various font idiosyncrasies.

Other noteworthy changes include GLESv3 support for the cairo_gl backend, tracking of SVG units in generated SVG documents, and cleanups for numerous test failures and related issues in the PDF and Postscript backends.” More information can be found in the change log.

Source
