Josh and Kurt talk about the famous Phrack 49 article “Smashing the Stack for Fun and Profit” turning 25 years old. This paper created a massive amount of change in the industry, possibly more than any other paper ever written. Everything from making exploiting stack overflows easier, to defenders creating technologies such as stack canaries are the direct result of this work.
In this episode, WordPress’s Executive Director, Josepha Haden Chomphosy, answers two recently asked questions. Tune in to hear what those questions were and her response, in addition to this week’s small list of big things.
Recently, some interesting security news has occurred, and two specific developments are the main discussion in this episode. Trojan Source is a newly discovered tactic that can be used to hide malicious code and execute something completely unexpected, even when the source code appears to be syntactically correct.
A desktop from Linux past has a surprising update this week, AlmaLinux pulls ahead of the pack, and Canonical ships software for the Apple M1.
Plus, the new tech in SteamOS 3 that might make it a great desktop OS.
Hello and welcome to Episode #441 of Linux in the Ham Shack. In this short-topics episode, the hosts discuss several stories including the latest ARDC grants for ham radio projects, the latest ARRL Handbook, mapping a supernova with SDRs, Lua and Luau, Pipewire, mod_hamradio and much more. Thanks for listening and have a fantastic week.
One of the improvements in the upcoming Linux kernel v5.16 is an improvement to the kernel’s memory management functionality, which will reportedly improve the performance of certain workloads by upto 10%.
Dubbed memory folios, the new feature debuted in Linux kernel 5.16-rc1, the first release candidate (RC) of the next version of the Linux kernel, released yesterday by Linus Torvalds, the maintainer of the mainline Linux kernel.
The 5.16-rc1 kernel prepatch is out and the merge window is closed for this cycle.
Now that the Linux 5.16 merge window has ended with yesterday's Linux 5.16-rc1 release, here is my lengthy original overview of what I find most interesting out of this new kernel version. Linux 5.16 won't be out as stable until around the end of the calendar year or early next year, but it will sure make one nice Christmas gift with all of the shiny new features in tow.
See the feature list below for everything I found interesting from my close monitoring of the Git repositories and mailing list, but here are some of the quick lights... Linux 5.16 adds FUTEX2's futex_waitv syscall as another improvement for Windows games running on Linux and even potentially helping native games in the future, memory folios finally made it in, Intel AMX was merged ahead of Sapphire Rapids, DAMON memory reclamation landed, there is now support for the Raspberry Pi Compute Module 4 on mainline, continued enablement around the Apple Silicon (M1), the Nintendo Switch controller driver was merged, AMD and Intel preparations for DisplayPort 2.0, stable Intel Alder Lake S graphics, Intel DG2/Alchemist bring-up, newer Zstd implementation, and much more.
Adobe is a large multinational computer software company with over 22,000 employees. Its flagship products include Photoshop, Illustrator, InDesign, Premiere Pro, XD, Acrobat DC, and the Portable Document Format (PDF). The products are wrapped up and marketed as the Creative Cloud, a subscription-only way of accessing more than 20 desktop and mobile apps and services for photography, design, video, web, UX, and more
We are long-standing admirers of Adobe’s products. They develop many high quality proprietary programs. It’s true there are security and privacy concerns in relation to some of their products. And there’s considerable criticism attached to their pricing practices. But the real issue is Adobe Creative Cloud does not support Linux. And there’s no prospect of support forthcoming.
What if you are looking to move away from Adobe and embark on a new world of online freedom, where you are not tracked, monetised and attached to Adobe’s ecosystem. We only recommend free and open source alternatives. Our recommended software don’t necessarily replicate every feature of their Adobe counterparts but they offer sufficient functionality for many tasks.
Perhaps you have heard about Matlab, and how great it can be used for mathematics, modeling, computing and simulation tasks. It is indeed a great software, but it has one deadly flow: It is proprietary, and requires a very expensive license to use it.
That’s why, open source alternatives emerged to take the place of Matlab and other similar mathematics software.
In today’s article, we’ll be seeing 3 of the best open source math software in the market.
Terraform is the "Infrastructure as Code (IaC)" tool. It is used to build, manage and change infrastructure in a safe and repeatable way.
It is used to manage environments with a configuration language called the HashiCorp Configuration Language (HCL) for human-readable, automated deployments.
Terraform can be used to manage infrastructure on multiple clouds like AWS, GCP and others. Terraform creates a state file which is the source of truth for the resource configurations. This means whenever resources are created this state file is updated with the state of the resources being created. In this article we will see the steps to install Terraform on Ubuntu and use it to create a VPC on AWS cloud.
Recently, an It’s FOSS reader asked for an issue he was facing with Vivaldi browser while updating his Ubuntu system. The apt update command showed an ‘error message’:
N: Skipping acquisition of configured file ‘main/binary-i386/Packages’, as repository ‘http://repo.vivaldi.com/stable/deb stable InRelease’ doesn’t support architecture ‘i386’
Since I already had Vivaldi installed on my Ubuntu, it was easy for me to reproduce the issue.
Raspberry Pi OS "Bullseye" (based on Debian 11 Bullseye) has been released recently, and this article covers the instructions for upgrading from the older Raspberry Pi OS Buster to this new Bullseye version. This should work with any Raspberry Pi model.
Notepad++ is a popular source-code editor among Windows users. It supports close to 78 different programming language syntaxes and includes a ton of features to improve the text editing experience.
However, one caveat of Notepad++ is that it's only limited to Windows. So, if you've been a Notepad++ user for a long time and recently switched operating systems to Linux, you'll probably feel the void of Notepad++ very dearly.
Fortunately, though, there are a couple of ways to install and get Notepad++ running on a Linux machine. In this guide, we'll go over these methods in detail.
Proper monitoring is an essential ingredient for the effective management of your overall IT infrastructure. A robust real-time monitoring solution provides detailed visibility of your network and application performance.
It helps to identify actual moments when errors and incidents occur and sends alerts. By doing so, operation teams can take intervention measures in a timely fashion and ensure business continuity in the shortest time possible.
This helps you make the most of your IT resources and, in turn, maximize your revenue. As such, one cannot undermine the importance of investing in an efficient and reliable monitoring tool.
Without using a virtual keyboard, the standard physical keyboard supports for inserting alternate characters and symbols using the Compose key in Linux. Here’s how to enable and use the key in Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10 & higher with default GNOME desktop.
This guide will show you how to set proxy for APT package manger so that you may be able to install and update packages from remote repos.
Using a proxy server as an internet access intermediary is a common business scenario. If you are running Ubuntu or Debian system behind a proxy server, chances are you have unsuccessfully tried to install packages.
In this guide we will learn how to back up and restore – inporting and exporting data in Mysql or Mariadb – the commands are interchangeable. Importing and exporting databases is a common task in software development. You can use data dumps to back up and restore your information.
In this video, I am going to show an overview of Red Hat Enterprise Linux 8.5 and some of the applications pre-installed.
In this article, you will see how to fix the dock not showing in the newer version of the Gnome desktop environment, particularly starting from Gnome 40. This guide works for all the Linux distributions like Ubuntu, Fedora, Majaro, Pop OS, MX, etc.
Just like me and many other Linux users who have switched to the newer version of the Gnome desktop environment start with Gnome 40, 41, or above. We have faced this issue of the bottom dock is not showing up. It only shows itself when you overview the windows or press the super key. This make makes it harder to access the frequently used applications such as file manager, browser, document editor, etc.
Another issue is that the dock that you see is not a good-looking one, it is so big that it ruins the modern look and feel of Gnome. So in this article, I’m gonna guide you to solve both of these issues with the help of an extension.
Raspberry Pi OS Bullseye has recently been released and with it comes a number of improvements, but most of them are under the hood. There aren’t that many visual differences, the most noticeable is probably the new default desktop background which is now a sunset over a dam or lake.
With this operating system upgrade, we’ve also got the usual bugs and software incompatibilities. These have caused my previous OLED stats display tutorial, that I used for my Raspberry Pi Desktop Case, to no longer work correctly. If you follow the previous tutorial, you’ll be presented with a host of errors.
The very clever puzzle game Superliminal, where everything is about your perspective now has multiplayer was a "Battle Royale" mode where you're all a Chess piece. It's a little weird but it also looks like plenty of fun.
Superliminal is a first-person puzzle game that uses perception as a mechanic. You play as someone who wakes up in a surprisingly lucid dream. You complete puzzles to reach each exit, while looking around to grab objects and change them based on how you're looking at them. It's all about thinking outside the box. What you see is what you get. Literally.
Jazz Jackrabbit and Doom together? Can't say I ever expected that but Doom engine modders constantly surprise me. Jazz Jackrabbit Doom - Episode 1 is out now.
"Jazz Jackrabbit is at it again to rescue his love, Eva Earlong, from his nemesis Devan Shell and his goons. It's up to you to finally end this chase once and for all. Episode 1: Rabbit Rescue follows Jazz, as he starts his journey to save his family and take down Devan once and for all. Taking you through Carrotus, Diamondus, Tubelectric, Medivo, Letni, Technoir and Orbitus, with some hidden maps for the keen-eyed ones."
The past Friday was the last day of the Endless Orange Week. It was a nice and fun experience, and even if I was not able to do as much as I wanted, we were able to make something that "works" in the Hack project.
KDE developer Nate Graham, who is known for writing the 'This week in KDE" blog posts keeping us up to speed on all the latest changes has a fresh update about plans for taking over the world, and Graham has some interesting things to say.
There's certainly no shortage of desktop environments on Linux and a number of ways to build software, each with their own goal and way of doing things. It's both a strength for choice and a reported weakness with so much. It's always interesting to read the point of view from developers whose work we rely on so much in the FOSS community. Especially when Graham came from a background in working with Apple, while now a KDE developer.
Here, it wasn't quite what I expected to read. The post goes over talking about the market leaders like Windows and Android, noting neither was the first to come to market but they've successfully captured the biggest slices. Noting that "Neither is picky about what kind of software you run on them or write for them, so they are used on a wide range of devices by lots of different people. Both work with others in adjacent industries, rather than taking a 'my way or the highway' approach. They are flexible."
We can rest and relax, as we pay another tribute to the OCD demons. But you have to admit, even with the little snags and problems here and there, the Plasma desktop still gives you an amazing range of options that you can change, tweak and customize to your liking. And at the same time, it still manages to look good, behave reasonably, and not diverge from being posh, elegant and consistent.
In general, QML-ing allows you to really go wild and make any which change you like to your desktop. Editing the private, local copy of the relevant plasmoid files also means that your tweaks are fully reversible, so if you do something naughty, you can go back to system defaults. Very handy and convenient. Anyway, system menu height (or width if you like), sorted. And we're done.
With version 21.12 just around the corner, we are releasing the first beta version (21.11.80) for testing. Try it out and help find breakages in your daily usage or bugs in these new features...
You may now import your video footage or audio recording folder while automatically ignoring the folder structures created by some devices like Sony XDCam, Panasonic P2, Canon camcorders or Zoom audio recorders. Please report any issues you are facing at https://bugs.kde.org/enter_bug.cgi?product=kdenlive. In the report don’t forget to set 21.11.80 as your version!
“Lightweight Linux distribution terms” can be different from one to another. It’s all depends on whether he /she wants whether a Linux with GUI or CLI and how much system resource he/she can provide to their Virtual machine running Linux system. Here we are considering that you are a user of either Virtual Box, Vmware Player, or Hyper-V and looking for a Lightweight Linux distro with fewer resources consumption to run on VM (memory, CPU, and Hard disk). Also, if you are a user of Windows 10 or 11 then can consider WSL to start learning Linux.
This report covers FreeBSD related projects for the period between July and September, and is the third of four planned reports for 2021, and contains 42 entries.
The third quarter of 2021 was quite active in lots of different areas, so the report covers a bunch of interesting work including but not limited to boot performance, compile-time analysis, hole-punching support, various drivers, ZFS raidz expansion, an update to the sound mixer, and many more.
Regrettably, the status report got a bit delayed, but we hope that the aphorism better late than never can apply here.
Yours, Daniel Ebdrup Jensen, with status hat on.
The Red Hat Enterprise Linux (RHEL) kernel provides hundreds of settings that can be customized. These settings are frequently customized to increase performance on systems or when performing security hardening.
Implementing consistent kernel settings across a large RHEL environment can be challenging without automation. Red Hat introduced the kernel_settings RHEL System Role to automate the implementation of settings under /proc/sys, /sys, and other settings such as CPU affinity. The role uses tuned to implement these settings on hosts.
RHEL System Roles are a collection of Ansible roles and modules that are included in RHEL to help provide consistent workflows and streamline the execution of manual tasks. For more information on kernel settings in RHEL, refer to the RHEL documentation on Managing, monitoring, and updating the kernel.
I got involved in the Linux space while at IBM as part of the Power Systems team, and since then I've remained fascinated by the immense value that Linux brings to the industry. Linux really has taught us how development is meant to be done, through open source and the heart of innovation unifying a community. I joined Red Hat in order to lead the Red Hat Enterprise Linux organization, working together with customers and partners on the successful definition, execution and delivery of Red Hat Enterprise Linux. Linux is the language of the wider ecosystem, pulling together the best technologies and platforms from an extensive list of software providers and solutions. Our strategy is built on being able to consume Linux wherever and however you want it, and the commitment we have seen to Red Hat Enterprise Linux from our partner ecosystem has been phenomenal and is essential to create value.
IT operations team members work hard to keep systems up and running, often pulling their hair out for resolutions after hours behind the scenes to ensure a seamless front-end experience for their users. But, even superheroes need saving sometimes.
If you’ve struggled to fix your encryption policies after reading article after article online or need some guidance to pull together a proof of concept for your organization’s big migration to the cloud, perhaps a Red Hat Technical Account Manager (TAM) can be a part of the answer you’ve been searching for.
Or maybe you’re an expert troubleshooter and audit log guru and want to use those superhero skills to help more companies manage their operations. Some time back, I read a post over on Reddit (written by someone who was considering working for Red Hat) asking if there were any TAMs that would be willing to talk about their job. Here’s a glimpse into a day on the job as a Red Hat TAM.
As IT systems continue to evolve and grow, their scale and complexity are becoming increasingly difficult to manage. The sheer volume of data these systems generate is overwhelming, and -- without sufficiently intelligent monitoring and analysis tools -- can result in missed alerts, opportunities and excessive (and expensive) downtime.
With the advent of big data and machine learning, however, a new category of IT operations tool has emerged: AIOps.
rpminspect 1.8 is now available. I know it’s been merely days since the previous release, but this release includes bug fixes for the new unicode inspection.
The Desktop Team at Red Hat wants to hire a software engineer to work full-time on Toolbx (formerly known as Toolbox) with me, and hopefully go on to maintain it in the near future. You will be working upstream and downstream (Fedora and RHEL) to improve the developer and troubleshooting experience on OSTree-based Linux operating systems like Fedora Silverblue and CoreOS, and extend some of the benefits to even traditional package-based OSes like Fedora Workstation.
Pine64 has been selling ARM-powered Linux devices for years, such as the PinePhone, a low-end smartphone with a (mostly) open hardware and software design. The PinePhone Pro was announced last month as an upgraded model with improved hardware, and even though the initial model for developers isn’t shipping yet, the phone has now been shown off on video by Pine64.
Lukasz Erecinski, Community Manager at Pine64, shared his impressions of the phone in the company’s November update article. “Obviously everything I am about to write is fundamentally biased,” he said, “but I will stand by every word I write – no PR-speak, I promise. The device is fast, very fast when compared to the original PinePhone and other similar devices.” Erecinski recorded a short video of the phone, where it appears to be (roughly) as responsive as a modern mid-range Android phone.
Pine64 unveiled a cluster-oriented “SOQuartz Blade” 1U rackmount carrier for its RPi CM4-like, RK3566-based SoQuartz module. Also in the works is a full-featured SOQuartz Model-A Baseboard and a Raspberry Pi-sized carrier.
When Pine64 launched its SOQuartz module last week in a developer-focused release, it offered an image and some basic details on an upcoming SOQuartz Model-A Baseboard for the Rockchip RK3566-based module. The SOQuartz can plug into Raspberry Pi CM4 carriers via dual 100-pin connectors. Now, Pine64 has announced a SOQuartz Blade hostboard for the SOQuartz in a 1U rackmount form factor aimed at clustering applications.
With the big Blender 3.0 release due out near year's end there was the Cycles X rewrite that landed and unfortunately removed OpenCL support in the process. While that left AMD Radeon graphics without Blender GPU-accelerated support, in time for the v3.0 release there is now AMD HIP support in place.
AMD has been working with Blender developers to improve GPU rendering by supporting AMD's HIP API in place of the removed OpenCL support. The HIP C++ Runtime API should offer better AMD GPU support than the poor OpenCL back-end of the past. This does require users though to be on the latest AMD Radeon Software Windows driver or on Linux with the Radeon ROCm driver stack in place and working or their Radeon Software for Linux packaged driver stack.
Willy Tarreau, the founder of the HAProxy load balancer, 20 years past its initial, open-source release, still guides the project, often submitting code patches and writing long and meticulous replies on the community forum. Over the years, he has been joined by a cast of regular contributors, but also newcomers. This collaboration has kept the project evolving over time.
In this interview, Willy describes his views on the success of the project, and how it grew over the years. He also discusses how the open-source model has evolved and other forces at play in the software industry.
When this years Open Source Summit Japan rolls into Tokyo next month they won’t be greeting attendees from within the doors at Toranomon Hills Forum, the event’s usual venue, but will be saying their hellos through side channel chat boxes for viewers at home. For the second year in a row, the conference is leaving the tents folded to go all virtual due to considerations around Covid-19.
Like many Linux Foundation events, the summit in Japan is a two-tent show. Officially, it’s “Open Source Summit Japan + Automotive Linux Summit 2021,” with the former being the big top event and the latter being the sideshow, with a single registration giving admission to both. Tickets for the event, which will run December 14-15, is $50, with Linux Foundation members getting a 20% discount.
Patches were recently sent out that implement support for RISC-V's Scalar Cryptography Extension within the GNU Compiler Collection.
The RISC-V Scalar Cryptography Extension work recently wrapped up its public review period for the set of instructions proposed for this open-source processor ISA. The set of extensions aim to enhance RISC-V's capabilities for crypto workloads with AES encryption/decryption, SM4 and SM4 cipher instructions, an entropy source extension, bit manipulation instructions for crypto, carry-less multiply, and more.
In other news, we have decided to delay the release of our new programming language, perhaps by as much as a year. We were aiming for February ‘22, but slow progress on some key areas such as cryptography and the self-hosting compiler, plus the looming necessity of the full-scale acceptance testing of the whole language and standard library, compound to make us unsure about meeting the original release plans. However, progress is slow but moving. We have incorporated the first parts of AES support in our cryptography library, and ported the language to FreeBSD. A good start on date/time support has been under development and I’m pretty optimistic about the API design we’ve come up with. Things are looking good, but it will take longer than expected.
I'm in the process of building a Gemini server framework for Haskell. I know that one already exists (which has very heavily influenced mine) but mine doesn't need to be linked against OpenSSL, which is not hard to do, bit the process is inconsistent from OS to OS. I wanted something that was pure Haskell.
It's not completed yet, but I welcome any feedback. I'm also livestreaming the coding process when I do work on it. I can supply information on that too if there's interest.
You might be surprised how much time R&D teams spend on fixing breaking APIs. Imagine you are the Head of Product, and your R&D team just finished a ground-breaking product after two years of software development. You are ramping up and fine-tuning the production with various global variants for six months to crank out that new product in volumes. Shipping large quantities of products, you get customer feedback that you haven’t received before, and you ask your R&D team to improve the software. Now the R&D team tells you that - instead of only fixing the customer issue - the team also needs to fix the APIs of the product because the latest release of the cross-platform UI toolkit broke several of the APIs you are using. Instead of spending a few days to the customer's issue, your team spends weeks updating everything, including API documentation and integration tests. Does this sound like an unrealistic scenario?
The concept of global variables plays a very vital role in C++ programming. It lets us use a variable anywhere within our whole program and change its values as per our requirements. The cause behind writing this guide is to introduce you to the concept of global variables in C++. After doing that, we also want to share with you some examples through which you will be able to understand the usage of global variables in C++ in Ubuntu 20.04 very clearly.
When I read Curtis’s post I almost decided to bin this one, as he managed to cover everything necessary in his usual succinct, eloquent, and engaging style. But he has encouraged me to post my version of this discussion too, as it provides a little more detail on some of the issues we’re addressing, and on the design rationale for the changes we are jointly proposing.
Personally, I always relish the opportunity to read two versions of exactly the same story by two very different authors, or to watch two directors’ very different takes on the same screenplay. In fact, that’s what initially attracted me away from SmallTalk/C++/Eiffel and into Perl: I read Larry’s version of “Object Orientation”, and found it much more entertaining, and also more enlightening than the other earlier interpretations.
Ashley Mannix maintains several popular Rust crates and used to be a part of the Library (API) Team. Ashley is now getting back into Rust open source work, and will be helping out with maintenance of the standard library and some official rust-lang crates such as log.
Are you still launching paper airplanes using your hands? That’s like a baby’s toy! [Tom Stanton] and his homebrew electromagnetic rail launcher are sure to bring your paper airplane game into the 21st century.
To be fair, these kinds of linear motors can be used for more than just launching paper airplanes, and can already be found in niche industrial applications, mass transportation systems and roller coasters. And, yes, the potential to leverage electromagnetism in the theater of war is also being vigorously explored by many of the world’s superpowers in the form of Gauss rifles and railguns. In the meantime, the video (after the break) proves that it’s entirely possible to build a rudimentary yet effective linear motor in your makerspace, using relatively basic components and fundamental physics.
Daniel Aleksandersen, the creator of EdgeDeflector, wrote a blog post (h/t Thurrott). He said the latest Windows 11 Insider Preview builds prevent apps like EdgeDeflector and other workarounds from getting around Microsoft’s complicated process of changing the default browser and fighting off “microsoft-edge:// links.” Here’s what the post says:
They list Brave Browser, and Riot Chat (now known as Element), various VPNs, the Tor Browser.
Not to be left out, pretty much everything “mainstream” is wrong too, including YouTube, Discord, and Reddit.
Of course, to make this sound really bad, let’s throw in some things that actually are dodgy that you may have heard about.
Microsoft has had plenty of time to fix a security vulnerability. After the vulnerability was disclosed, a patch was released, and it was proven not to be 100 percent successful. But a third-party security specialist has stepped in to develop a patch for the Windows 10 and 11 security vulnerability.
Security updates have been issued by Debian (ffmpeg and tomcat9), Fedora (et and kernel), openSUSE (binutils, rubygem-activerecord-5_1, samba, and tinyxml), Oracle (freerdp and httpd:2.4), Red Hat (devtoolset-11-gcc, gcc-toolset-10-binutils, kernel, kernel-rt, and kpatch-patch), and Scientific Linux (freerdp).
There are, by some estimates, more smart phones on this planet than human beings to use them. People who have never used a desktop computer use smart phones and other mobile devices every day and have much of their lives tethered to them—maybe more than they should.
As a result, cyber-grifters have shifted their focus from sending emails to gullible personal computer users (pretending to be Nigerian princes in need of banking assistance) and have instead set their sights on the easier target of cell phone users. Criminals are using smartphone apps and text messages to lure vulnerable people into traps—some with purely financial consequences, and some that put the victims in actual physical jeopardy.
I recently outlined some ways to apply a bit of armor to our digital lives, but recent trends in online scams have underscored just how easily smartphones and their apps can be turned against their users. It's worth reviewing these worst-case scenarios to help others spot and avoid them—and we aren't just talking about helping older users with this. This stuff affects everyone.
Windows users need to be on high alert. Microsoft has confirmed a critical vulnerability has been found in all versions of Windows which presents an immediate threat, and you need to act now.
U.S. Trade Representative, Katherine Tai’s recent speech about the World Trade Organization was shocking. Why? Because she openly and frankly discussed the yawning gap between the WTO’s expansive rules and what is right and good for people and the planet....