YubiKey 5 Series Launched, Google Chrome’s Recent Questionable Privacy Practice, PlayOnLinux Alpha Version 5 Released, Android Turns Ten, and Fedora 29 Atomic and Cloud Test Day

News briefs September 24, 2018.

Yubico announced the launch of the YubiKey 5 series this morning, which are the first multi-protocol security keys to support FIDO2/WebAuthn and allow you to replace "weak password-based authentication with strong hardware-based authentication". You can purchase them here for $45.

Google Chrome recently has begun automatically signing your browser in to your Google account for you every time you log in to a Google property, such as Gmail, without asking and without notification. See Matthew Green's blog post for more information on the huge privacy implications of this new practice.

PlayOnLinux released the alpha version of PlayOnLinux and PlayOnMac 5 ("Phoencis") over the weekend. The interface has been completely redesigned and is now decentralized, so if the website has issues, the program will still work. In addition, the script is now available on GitHub. This alpha version supports 135 games and apps. See the full list here.

Android celebrated its 10th birthday this weekend. See TechRadar, Engadget and TechCrunch for different takes on Android's history.

Fedora 29 Atomic and Fedora 29 Cloud development is wrapping up, and they now provide the latest versions of packages in Fedora 29, including all new features and bug fixes. Fedora Atomic Working Group and Cloud SIG are organizing a Test Day, Monday, October 1st. See the wiki page if you're interested in participating.

YubiKey 5 Series Launched, Google Chrome’s Recent Questionable Privacy Practice, PlayOnLinux Alpha Version 5 Released, Android Turns Ten, and Fedora 29 Atomic and Cloud Test Day

News briefs September 24, 2018.

Yubico announced the launch of the YubiKey 5 series this morning, which are the first multi-protocol security keys to support FIDO2/WebAuthn and allow you to replace "weak password-based authentication with strong hardware-based authentication". You can purchase them here for $45.

Google Chrome recently has begun automatically signing your browser in to your Google account for you every time you log in to a Google property, such as Gmail, without asking and without notification. See Matthew Green's blog post for more information on the huge privacy implications of this new practice.

PlayOnLinux released the alpha version of PlayOnLinux and PlayOnMac 5 ("Phoencis") over the weekend. The interface has been completely redesigned and is now decentralized, so if the website has issues, the program will still work. In addition, the script is now available on GitHub. This alpha version supports 135 games and apps. See the full list here.

Android celebrated its 10th birthday this weekend. See TechRadar, Engadget and TechCrunch for different takes on Android's history.

Fedora 29 Atomic and Fedora 29 Cloud development is wrapping up, and they now provide the latest versions of packages in Fedora 29, including all new features and bug fixes. Fedora Atomic Working Group and Cloud SIG are organizing a Test Day, Monday, October 1st. See the wiki page if you're interested in participating.

ModSecurity and nginx

nginx is the web server that's replacing Apache in more and more of the world's websites. Until now, nginx has not been able to benefit from the security ModSecurity provides. Here's how to install ModSecurity and get it working with nginx.

Earlier this year the popular open-source web application firewall, ModSecurity, released version 3 of its software. Version 3 is a significant departure from the earlier versions, because it's now modularized. Before version 3, ModSecurity worked only with the Apache web server as a dependent module, so there was no way for other HTTP applications to utilize ModSecurity. Now the core functionality of ModSecurity, the HTTP filtering engine, exists as a standalone library, libModSecurity, and it can be integrated into any other application via a "connector". A connector is a small piece of code that allows any application to access libModSecurity.

A Web Application Firewall (WAF) is a type of firewall for HTTP requests. A standard firewall inspects data packets as they arrive and leave a network interface and compares the properties of the packets against a list of rules. The rules dictate whether the firewall will allow the packet to pass or get blocked.

ModSecurity performs the same task as a standard firewall, but instead of looking at data packets, it inspects HTTP traffic as it arrives at the server. When an HTTP request arrives at the server, it's first routed through ModSecurity before it's routed on to the destination application, such as Apache2 or nginx. ModSecurity compares the inbound HTTP request against a list of rules. These rules define the form of a malicious or harmful request, so if the incoming request matches a rule, ModSecurity blocks the request from reaching the destination application where it may cause harm.

The following example demonstrates how ModSecurity protects a WordPress site. The following HTTP request is a non-malicious request for the index.php file as it appears in Apache2's log files:


GET /index.php HTTP/1.1

This request does not match any rules, so ModSecurity allows it onto the web server.

WordPress keeps much of its secret information, such as the database password, in a file called wp-config.php, which is located in the same directory as the index.php file. A careless system administrator may leave this important file unprotected, which means a web server like Apache or nginx happily will serve it. This is because they will serve any file that is not protected by specific configuration. This means that the following malicious request:


GET /wp-config.php HTTP/1.1

will be served by Apache to whomever requests it.

ModSecurity and nginx

nginx is the web server that's replacing Apache in more and more of the world's websites. Until now, nginx has not been able to benefit from the security ModSecurity provides. Here's how to install ModSecurity and get it working with nginx.

Earlier this year the popular open-source web application firewall, ModSecurity, released version 3 of its software. Version 3 is a significant departure from the earlier versions, because it's now modularized. Before version 3, ModSecurity worked only with the Apache web server as a dependent module, so there was no way for other HTTP applications to utilize ModSecurity. Now the core functionality of ModSecurity, the HTTP filtering engine, exists as a standalone library, libModSecurity, and it can be integrated into any other application via a "connector". A connector is a small piece of code that allows any application to access libModSecurity.

A Web Application Firewall (WAF) is a type of firewall for HTTP requests. A standard firewall inspects data packets as they arrive and leave a network interface and compares the properties of the packets against a list of rules. The rules dictate whether the firewall will allow the packet to pass or get blocked.

ModSecurity performs the same task as a standard firewall, but instead of looking at data packets, it inspects HTTP traffic as it arrives at the server. When an HTTP request arrives at the server, it's first routed through ModSecurity before it's routed on to the destination application, such as Apache2 or nginx. ModSecurity compares the inbound HTTP request against a list of rules. These rules define the form of a malicious or harmful request, so if the incoming request matches a rule, ModSecurity blocks the request from reaching the destination application where it may cause harm.

The following example demonstrates how ModSecurity protects a WordPress site. The following HTTP request is a non-malicious request for the index.php file as it appears in Apache2's log files:


GET /index.php HTTP/1.1

This request does not match any rules, so ModSecurity allows it onto the web server.

WordPress keeps much of its secret information, such as the database password, in a file called wp-config.php, which is located in the same directory as the index.php file. A careless system administrator may leave this important file unprotected, which means a web server like Apache or nginx happily will serve it. This is because they will serve any file that is not protected by specific configuration. This means that the following malicious request:


GET /wp-config.php HTTP/1.1

will be served by Apache to whomever requests it.

Weekend Reading: Scary Tales from the Server Room

scary sys admin

It's always better to learn from someone else's mistakes than from your own. This weekend we feature Kyle Rankin and Bill Childers as they tell stories from their years as systems administrators. It's a win-win: you get to learn from their experiences, and they get to make snide comments to each other. 

We also want to hear your scary server room stories. E-mail us, publisher@linuxjournal.com, with yours (just a few sentences or even a few paragraphs is fine), and we'll publish every one we receive on October 31...spooky.

 

Zoning Out

by Kyle Rankin and Bill Childers

Sometimes events and equipment conspire against you and your team to cause a problem. Occasionally, however, it's lack of understanding or foresight that can turn around and bite you. Unfortunately, this is a tale of where we failed to spot all the possible things that might go wrong.

 

Panic on the Streets of London

by Kyle Rankin and Bill Childers

I was now at the next phase of troubleshooting: prayer. Somewhere around this time, I had my big breakthrough...

 

It's Always DNS's Fault!

by Kyle Rankin and Bill Childers

I was suffering, badly. We had just finished an all-night switch migration on our production Storage Area Network while I was hacking up a lung fighting walking pneumonia. Even though I did my part of the all-nighter from home, I was exhausted. So when my pager went off at 9am that morning, allowing me a mere four hours of sleep, I was treading dangerously close to zombie territory...

 

Unboxing Day

by Kyle Rankin and Bill Childers

As much as I love working with Linux and configuring software, one major part of being a sysadmin that always has appealed to me is working with actual hardware. There's something about working with tangible, physical servers that gives my job an extra dimension and grounds it from what might otherwise be a completely abstract job even further disconnected from reality. On top of all that, when you get a large shipment of servers, and you view the servers at your company as your servers, there is a similar anticipation and excitement when you open a server box as when you open Christmas presents at home. This story so happens to start during the Christmas season...

 

 

 

Purism Launches the Librem Key, Mir 1.0 Released, Solus 3 ISO Refresh Now Available, New Malware as a Service Botnet Discovered and Sparky 5.5 Is Out

News briefs September 21, 2018.

Purism yesterday launched Librem Key, the "first and only OpenPGP smart card providing a Heads-firmware-integrated tamper-evident boot process". The Librem key is the size of an average thumb drive, allows you to keep your secret encryption keys in your pocket, and it alerts you if anyone tampers with your kernel or BIOS while you're away from your laptop. The key works with all laptops but has extended features with Purism's Librem laptop line. You can order one from here for $59. See also Kyle Rankin's post for more details on the Librem key.

The Mir team announces the milestone release of the Mir 1.0 display server today. This release is "targeted at IoT device makers and enthusiasts looking to build thenext-generation of graphical solutions". Mir's goal is to "unify the graphical environment across all devices, including desktop, TV, and mobile devices and continues to be developed with new features and modern standards". See the Mir website for more information.

Solus 3 ISO Refresh was released yesterday. This refresh of the operating system designed for home computing "enables support for a variety of new hardware released since Solus 3, introduces an updated set of default applications and theming, as well as enables users to immediately take advantage of new Solus infrastructure". You can download Solus Budgie, Solus GNOME or Solus MATE from here.

A new botnet in the "Malware as a Service" arena has been discovered that touts "Android-based payloads to potential cybercriminals". The botnet was developed by a Russian-speaking group called "The Lucy Game", which already has provided demos for potential subscribers. See ZDNet for more details.

New install ISO images of Sparky 5.5 "Nibiru", which is based on Debian testing "Buster", are now available for download. Changes include Linux kernel 4.18.6, Calamares installer updated to v. 3.2.1, GCC 8 is now the default and much more. You can download new ISO images from here.

FOSS Project Spotlight: Nitrux, a Linux Distribution with a Focus on AppImages and Atomic Upgrades

Nitrux Distribution

Nitrux is a Linux distribution with a focus on portable, application formats like AppImages. Nitrux uses KDE Plasma 5 and KDE Applications, and it also uses our in-house software suite Nomad Desktop.

What Can You Use Nitrux For?

Well, just about anything! You can surf the internet, word-process, send email, create spreadsheets, listen to music, watch movies, chat, play games, code, do photo editing, create content—whatever you want!

Nitrux's main feature is the Nomad Desktop, which aims to extend Plasma to suit new users without compromising its power and flexibility for experts. Nomad's features:

  • The System Tray replaces the traditional Plasma version.
  • An expanded notification center allows users to manage notifications in a friendlier manner.
  • Easier access to managing networks: quick access to different network settings without having to search for them.
  • Improved media controls: a less confusing way to adjust the application's volume and integrated media controls.
  • Calendar and weather: displays the traditional Plasma calendar but also adds the ability to see appointments and the ability to configure location settings to display the weather.
  • Custom Plasma 5 artwork: including Look and Feel, Plasma theme, Kvantum theme, icon theme, cursor themes, SDDM themes, Konsole theme and Aurorae window decoration.

Nitrux is a complete operating system that ships the essential apps and services for daily use: office applications, PDF reader, image editor, music and video players and so on. We also include non-KDE or Qt applications like Chromium and LibreOffice that together create a friendly user experience.

Available Out of the Box

Nitrux includes a selection of applications carefully chosen to perform the best when using your computer:

  • Dolphin: file manager.
  • Kate: advanced text editor.
  • Ark: archiving tool.
  • Konsole: terminal emulator.
  • Chromium: web browser.
  • Babe: music player.
  • VLC: multimedia player.
  • LibreOffice: open-source office suite.
  • Showimage: image viewer.

Explore a Universe of Apps in Nitrux

The NX Software Center is a free application that provides Linux users with a modern and easy way to manage the software installed on their open-source operating systems. Its features allow you to search, install and manage AppImages. AppImages are faster to install, easier to create and safer to run. AppImages aim to work on any distribution or device, from IoT devices to servers, desktops and mobile devices.

Figure 1. The Nomad Software Center

Canonical Announces Extended Security Maintenance for Ubuntu 14.04 LTS, Mozilla to Discuss the Future of Advertising at ICDPPC, Newegg Attacked, MetaCase Launches MetaEdit+ 5.5 and MariaDB Acquires Clustrix

News briefs for September 20, 2018.

Canonical yesterday announced the Extended Security Maintenance for Ubuntu 14.04 LTS "Trusty Tahr", which means critical and important security patches will be available beyond the Ubuntu 14.04 end-of-life date (April 2019).

Mozilla to hold a high-level panel discussion on "the future of advertising in an open and sustainable internet ecosystem" at the 40th annual International Conference of Data Protection and Privacy Conference in Brussels, Belgium October 22–26, 2018. The discussion is titled "Online advertising is broken: Can ethics fix it?", and it's scheduled for October 23, 2018.

Attackers stole credit-card information from Newegg by injecting 15 lines of skimming code on the online payments page, which remained undetected from August 14th to September 18, 2018, TechCrunch reports. Yonathan Klijnsma, threat researcher at RiskIQ, told TechCrunch that "These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target." If you entered your credit-card data during that period, contact your bank immediately.

MetaCase this morning announced the launch of MetaEdit+ 5.5 for Linux, which brings collaborated models to Git and other version control systems. It's "aimed at expert developers looking to gain productivity and quality by generating tight code directly from domain-specific models". You can download a free trial from here.

MariaDB has acquired Clustrix, the "pioneer in distributed database technology". According to the press release, this acquisition gives "MariaDB's open source database the scalability and high-availability that rivals or exceeds Oracle and Amazon while foregoing the need for expensive computing platforms or high licensing fees."

Investigating Some Unexpected Bash coproc Behavior


Recently while refreshing my memory on the use of Bash's coproc feature, I came across a reference to a pitfall that described what I thought was some quite unexpected behavior. This post describes my quick investigation of the pitfall and suggests a workaround (although I don't really recommend using it).

Ampere eMAG for Hyperscale Cloud Computing Now Available, LLVM 7.0.0 Released, AsparaDB RDS for MariaDB TX Announced, New Xbash Malware Discovered and Kong 1.0 Launched

News briefs for September 19, 2018.

Ampere, in partnership with Lenovo, announced availability of the Ampere eMAG for hyperscale cloud computing. The first-generation Armv8-A 64-bit processors provide "high-performance compute, high memory capacity, and rich I/O to address cloud workloads including big data, web tier and in-memory databases". Pricing is 32 cores at up to 3.3GHz Turbo for $850 or 16 cores at up to 3.3GHz Turbo for $550.

LLVM 7.0.0 is out. This release is the result of six months of work by the community and includes "function multiversioning in Clang with the 'target' attribute for ELF-based x86/x86_64 targets, improved PCH support in clang-cl, preliminary DWARF v5 support, basic support for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer support for OpenBSD, UBSan checks for implicit conversions, many long-tail compatibility issues fixed in lld which is now production ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and diagtool." See the release notes for details, and go here to download.

Alibaba Cloud and MariaDB announce AsparaDB RDS for MariaDB TX, which is "the first public cloud to incorporate the enterprise version of MariaDB and provide customer support directly from the two companies. ApsaraDB RDS for MariaDB TX provides Alibaba Cloud customers the latest database innovations and most secure enterprise solution for mission-critical transactional workloads." See the press release for more information.

Unit 42 researchers have discovered a new malware family called Xbash, which they have connected to the Iron Group, that targets Linux and Microsoft Windows severs. Besides ransomware and coin-mining capabilities, "Xbash also has self-propagating capabilities (meaning it has worm-like characteristics similar to WannaCry or Petya/NotPetya). It also has capabilities not currently implemented that, when implemented, could enable it to spread very quickly within an organizations' network (again, much like WannaCry or Petya/NotPetya)." See the Palo Alto Networks post for more details on the attack and how to protect your servers.

Kong Inc. yesterday announced the launch of Kong 1.0, the "only open-source API purpose built for microservices, cloud native and server less architectures". According to the press release, Kong 1.0 is feature-complete: "it combines sub-millisecond low latency, linear scalability and unparalleled flexibility with a robust feature set, support for service mesh patterns, Kubernetes Ingress controller and backward compatibility between versions." See also the Kong GitHub page.

Moving Compiler Dependency Checks to Kconfig

The Linux kernel config system, Kconfig, uses a macro language very similar to the make build tool's macro language. There are a few differences, however. And of course, make is designed as a general-purpose build tool while Kconfig is Linux-kernel-specific. But, why would the kernel developers create a whole new macro language so closely resembling that of an existing general-purpose tool?

One reason became clear recently when Linus Torvalds asked developers to add an entirely new system of dependency checks to the Kconfig language, specifically testing the capabilities of the GCC compiler.

It's actually an important issue. The Linux kernel wants to support as many versions of GCC as possible—so long as doing so would not require too much insanity in the kernel code itself—but different versions of GCC support different features. The GCC developers always are tweaking and adjusting, and GCC releases also sometimes have bugs that need to be worked around. Some Linux kernel features can only be built using one version of the compiler or another. And, some features build better or faster if they can take advantage of various GCC features that exist only in certain versions.

Up until this year, the kernel build system has had to check all those compiler features by hand, using many hacky methods. The art of probing a tool to find out if it supports a given feature dates back decades and is filled with insanity. Imagine giving a command that you know will fail, but giving it anyway because the specific manner of failure will tell you what you need to know for a future command to work. Now imagine hundreds of hacks like that in the Linux kernel build system.

Part of the problem with having those hacky checks in the build system is that you find out about them only during the build—not during configuration. But since some kernel features require certain GCC versions, the proper place to learn about the GCC version is at config time. If the user's compiler doesn't support a given feature, there's no reason to show that feature in the config system. It should just silently not exist.

Linus requested that developers migrate those checks into the Kconfig system and regularize them into the macro language itself. This way, kernel features with particular GCC dependencies could identify those dependencies and then show up or not show up at config time, according to whether those dependencies had been met.

That's the reason simply using make wouldn't work. The config language had to represent the results of all those ugly hacks in a friendly way that developers could make use of.

Linux Community to Adopt New Code of Conduct, Firefox Reality Browser Now Available, Lamplight City Game Released, openSUSE Summit Nashville Announced and It’s Now Easier to Run Ubuntu VMs on Windows 10

News briefs for September 18, 2018.

Following Linus Torvalds' apology for his behavior, the Linux Community has announced it will adopt a "Code of Conduct", which pledges to make "participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation."

Mozilla announced this morning that its new Firefox Reality browser, "designed from the ground up to work on stand-alone virtual and augmented reality (or mixed reality) headsets", is now available in the Viveport, Oculus and Daydream app stores. See the Mozilla blog for more information, how to participate and download links.

The new game Lamplight City, "a steampunk-ish detective adventure" was released recently for Linux, Windows and macOS. See the Steam store for more info and to purchase.

openSUSE announces it will hold its openSUSE SUmmit in Nashville, Tennessee, next year, April 5-6, 2019. Registration is now open for the event and the call for papers is open until January 15, 2019.

It's now much easier to run Ubuntu VMs on Windows 10 via Hyper-V Quick Create. According to ZDNet, Canonical and Microsoft partnered to release "an optimized Ubuntu Desktop image that's available through Microsoft's Hyper-V Gallery".

Writing More Compact Bash Code


In any programming language, idioms may be used that may not seem obvious from reading the manual. Often these usages of the language represent ways to make your code more compact (as in requiring fewer lines of code). Of course, some will eschew these idioms believing they represent bad style. Style, of course, is in the eyes of beholder, and this article is not intended as an exercise in defining good or bad style. So for those who may be tempted to comment on the grounds of style I would (re)direct your attention to /dev/null.

Globbing and Regex: So Similar, So Different

Grepping is awesome, as long as you don't glob it up! This article covers some grep and regex basics.

There are generally two types of coffee drinkers. The first type buys a can of pre-ground beans and uses the included scoop to make their automatic drip coffee in the morning. The second type picks single-origin beans from various parts of the world, accepts only beans that have been roasted within the past week and grinds those beans with a conical burr grinder moments before brewing in any number of complicated methods. Text searching is a bit like that.

For most things on the command line, people think of *.* or *.txt and are happy to use file globbing to select the files they want. When it comes to grepping a log file, however, you need to get a little fancier. The confusing part is when the syntax of globbing and regex overlap. Thankfully, it's not hard to figure out when to use which construct.

Globbing

The command shell uses globbing for filename completion. If you type something like ls *.txt, you'll get a list of all the files that end in .txt in the current directory. If you do ls R*.txt, you'll get all the files that start with capital R and have the .txt extension. The asterisk is a wild card that lets you quickly filter which files you mean.

You also can use a question mark in globbing if you want to specify a single character. So, typing ls read??.txt will list readme.txt, but not read.txt. That's different from ls read*.txt, which will match both readme.txt and read.txt, because the asterisk means "zero or more characters" in the file glob.

Here's the easy way to remember if you're using globbing (which is very simple) vs. regular expressions: globbing is done to filenames by the shell, and regex is used for searching text. The only frustrating exception to this is that sometimes the shell is too smart and conveniently does globbing when you don't want it to—for example:


grep file* README.TXT

In most cases, this will search the file README.TXT looking for the regular expression file*, which is what you normally want. But if there happens to be a file in the current folder that matches the file* glob (let's say filename.txt), the shell will assume you meant to pass that to grep, and so grep actually will see:


grep filename.txt README.TXT

Gee, thank you so much Mr. Shell, but that's not what I wanted to do. For that reason, I recommend always using quotation marks when using grep. 99% of the time you won't get an accidental glob match, but that 1% can be infuriating. So when using grep, this is much safer:


grep "file*" README.TXT

Because even if there is a filename.txt, the shell won't substitute it automatically.

Linus Torvalds Taking a Break, Help Krita Squash the Bugs, Vulnerability in Alpine Linux, Flatpak Now Works on Windows Subsystem for Linux and AnsibleFest 2018 Announced

News briefs for September 17, 2018.

Linus Torvalds is taking a break. In his rc4 email update over the weekend, he writes about his scheduling mix-up with the kernel summit and having a "look yourself in the mirror moment", and then (to summarize), he writes: "hey, I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. I am going to take time off and get some assistance on how to understand people's emotions and respond appropriately."

Krita announced its developer fundraiser "let's squash the bugs"! The goal this year for the open-source graphics editor is to "fix bugs, make Krita more stable and bring more polish and shine to all the features we have made possible together". Visit here to learn how you can help.

A vulnerability, has been discovered in Alpine Linux, which is commonly used in Docker images. Worst-case scenario, according to The Register, an "attacker could intercept apk's package requests during Docker image building, inject them with malicious code, and pass them along to the target machines that would unpack and run the code within their Docker container." Update apk and images now.

Alexander Larsson, lead developer and creator of the Flatpak package system, announced via Twitter that it now works on Windows Subsystem for Linux. See the post on Neowin for more on the story, and the "hacky workarounds" required.

Red Hat announces AnsibleFest 2018, which will be held October 2-3, in Austin, Texas and will cover many aspects of IT automation. See the AnsibleFest website for all the details.

Fedora Silverblue Test Day Next Week, Nextcloud 14 Released, Plasma 5.4 Beta Now Available, openSUSE’s Recent Snapshots and Ansible Tower 3.3 Is Out

News briefs for September 14, 2018.

The Fedora Workstation Team is holding a test day next week for Fedora Silverblue, a new variant of Fedora that has rpm-ostree at its core and provides fully atomic upgrades. The test day is Thursday, September 20, 2018. For more information on how to participate, visit the Silverblue Test Day Wiki page.

Nextcloud announced the release of version 14 this week. This new version introduces two big security improvements: video verification and signal/telegram/SMS 2FA support. Version 14 also includes many collaboration improvements as well as a Data Protection Confirmation app in compliance with the GDPR. Go here to install.

KDE released Plasma 5.14 beta yesterday. New to this version are improvements to Plasma's Discover software manager and the addition of a Firmware Update feature, among other things. The final release should be available in three weeks.

openSUSE has released three new snapshots, and the latest brought new major versions of Flatpak and qemu. Flatpak version 1.0 came with snapshot 20180911, and Mozilla Thunderbird received a major update in snapshot 20180910. See the announcement for more details on all the recent snapshot updates.

Ansible Tower 3.3 is now available. New enhancements include added functionality with Red Hat OpenShift, more granular permissions, improvements to the scheduler, support for multiple Ansible environments and more. Visit here for a free trial of Ansible Tower.

Lights, Camera, Open Source: Hollywood Turns to Linux for New Code Sharing Initiative

Software has permeated all industries, bringing us technologies to help create fantastic products and even works of art.No longer confined to sectors whose products are software-focused, everyone from the automotive to the medical industries are writing their own code to meet their needs, some of which may surprise you.

In looking to code smarter, faster and more efficiently, developers across the globe and industries are turning to open-source components that allow them to add powerful features to their work without having to write everything from scratch themselves. One of the latest groups to embrace the Open Source movement is the entertainment industry.

Similar to many other initiatives that have come together in recent years to support the sharing of code between companies, a number of key players under the umbrella of the Academy of Motion Picture Arts and Sciences (AMPAS) have teamed up with The Linux Foundation to establish the Academy Software Foundation (ASWF). Members include companies like Disney, Google, Dreamworks, Epic Games and Intel, just to name a few.

Facing the Reality of Open Source

The drive for these entertainment industry players to team up with The Linux Foundation comes after a two-year study by the AMPAS’ Science and Technology Council into how the sector was using open source. Their survey found that some 84% were using open source in their work, specifically in the fields of animation and visual effects.

However, even as these actors understood the benefits of using open-source projects that were being developed by others, maintaining an ecosystem of sharing software between often competing interests proved to be a challenge. Issues of governance, licensing, multiple versions of libraries and siloed development by individual companies proved to be significant pain points.

According to information available from the ASWF, they are providing much of the infrastructure for the projects, including running their CI server on Jenkins where code can go through the build, test and eventually release for use by the members. Using a centralized system, developers at the various member companies can upload their code to the ASWF repository and CI where it is then available to the other teams.

They note that along with support for Linux, their CI infrastructure will offer service for Windows and Mac desktops and servers, an important requirement in an industry with a high level of Apple usage.

A Look at KDE’s KAlgebra

KAlgebra logo

Many of the programs I've covered in the past have have been desktop-environment-agnostic—all they required was some sort of graphical display running. This article looks at one of the programs available in the KDE desktop environment, KAlgebra.

You can use your distribution's package management system to install it, or you can use Discover, KDE's package manager. After it's installed, you can start it from the command line or the launch menu.

When you first start KAlgebra, you get a blank slate to start doing calculations.

Figure 1. When you start KAlgebra, you get a blank canvas for doing calculations.

The screen layout is a large main pane where all of the calculations and their results are displayed. At the top of this pane are four tabs: Calculator, 2D Graph, 3D Graph and Dictionary. There's also a smaller pane on the right-hand side used for different purposes for each tab.

In the calculator tab, the side pane gives a list of variables, including predefined variables for things like pi or euler, available when you start your new session. You can add new variables with the following syntax:


a := 3

This creates a new variable named a with an initial value of 3. This new variable also will be visible in the list on the right-hand side. Using these variables is as easy as executing them. For example, you can double it with the following:


a * 2

There is a special variable called ans that you can use to get the result from your most recent calculation. All of the standard mathematical operators are available for doing calculations.

Figure 2. KAlgebra lets you create your own variables and functions for even more complex calculations.

There's also a complete set of functions for doing more complex calculations, such as trigonometric functions, mathematical functions like absolute value or floor, and even calculus functions like finding the derivative. For instance, the following lets you find the sine of 45 degrees:


sin(45)

You also can define your own functions using the lambda operator ->. If you want to create a function that calculates cubes, you could do this:


x -> x^3

This is pretty hard to use, so you may want to assign it to a variable name:


cube := x -> x^3

You then can use it just like any other function, and it also shows up in the list of variables on the right-hand side pane.

Support for a LoRaWAN Subsystem

Sometimes kernel developers find themselves competing with each other to get their version of a particular feature into the kernel. But sometimes developers discover they've been working along very similar lines, and the only reason they hadn't been working together was that they just didn't know each other existed.

Recently, Jian-Hong Pan asked if there was any interest in a LoRaWAN subsystem he'd been working on. LoRaWAN is a commercial networking protocol implementing a low-power wide-area network (LPWAN) allowing relatively slow communications between things, generally phone sensors and other internet of things devices. Jian-Hong posted a link to the work he'd done so far: https://github.com/starnight/LoRa/tree/lorawan-ndo/LoRaWAN.

He specifically wanted to know "should we add the definitions into corresponding kernel header files now, if LoRaWAN will be accepted as a subsystem in Linux?" The reason he was asking was that each definition had its own number. Adding them into the kernel would mean the numbers associated with any future LoRaWAN subsystem would stay the same during development.

However, Marcel Holtmann explained the process:

When you submit your LoRaWAN subsystem to netdev for review, include a patch that adds these new address family definitions. Just pick the next one available. There will be no pre-allocation of numbers until your work has been accepted upstream. Meaning, that the number might change if other address families get merged before yours. So you have to keep updating. glibc will eventually follow the number assigned by the kernel.

Meanwhile, Andreas Färber said he'd been working on supporting the same protocol himself and gave a link to his own proof-of-concept repository: https://github.com/afaerber/lora-modules.

On learning about Andreas' work, Jian-Hong's response was, "Wow! Great! I get new friends :)"

That's where the public conversation ended. The two of them undoubtedly have pooled their energies and will produce a new patch, better than either of them might have done separately.

The First Beta of the /e/ OS to Be Released Soon, Canonical’s Security Patch for Ubuntu 18.04 LTS, Parrot 4.2.2 Now Available, Open Jam 2018 Announced and Lightbend’s Fast Data Platform Now on Kubernetes

News briefs for September 12, 2018.

Gaël Duval writes that the first beta of the /e/ OS will be released soon. See his post for more information on how to test it and a list of supported Android devices.

Canonical yesterday released a Linux kernel security patch for Ubuntu 18.04 LTS that addresses two recnetly discovered vulnerabilities. See Softpedia News for more information, and update now if you haven't already.

Parrot, the Debian-based distro for "security experts, developers and crypto-addicted people", released verion 4.2.2 this week. This new version is powered by the latest 4.18 kernel and features a new version of the Debian-Installer, updated firmware packages, the latest LibreOffice 6.1 release, Firefox 62 and more. See the release notes for all the updates.

Open Jam, the open-source game jam, will run this year from October 5–8th: "Participants will build an open source game from scratch in 80 hours, play and judge other games, and compete for a chance to have their game featured at All Things Open." See the announcement on Opensource.com for all the details and how to participate.

Lightbend announced yesterday that version 2.0 of its Fast Data Platform is now available on Kubernetes, making it the "most complete platform for developing and operating microservices-based AI, ML, IoT and other streaming data-based applications. Visit the Lightbend website for more information.