In the face of increasing cyber and malware attacks on defence as well as critical infrastructure across the country, the Defence Ministry has decided to replace the Microsoft Operating System (OS) in all computers connected to the Internet with a new OS, Maya, based on open-source Ubuntu developed locally.
Kernel testing is a perennial topic at Linux-related conferences and the KernelCI project is one of the larger testing players. It does its own testing but also coordinates with various other testing systems and aggregates their results. At the 2023 Embedded Open Source Summit (EOSS), KernelCI developer Nikolai Kondrashov gave a presentation on the testing framework, its database, and how others can get involved in the project. He also had some thoughts on where KernelCI is falling short of its goals and potential, along with some ideas of ways to improve it.
Kondrashov works for Red Hat on its Continuous Kernel Integration (CKI) project, which is an internal continuous-integration (CI) system for the kernel that is also targeting running tests for kernel maintainers who are interested in participating. CKI works with KernelCI by contributing data to its KCIDB database, which is the part of KernelCI that he works on. He noted that he was giving the talk from the perspective of someone developing a CI system and participating in KernelCI, rather than as a KernelCI maintainer or developer. His hobbies include embedded development, which is part of why he was speaking at EOSS, he said.
It is well understood that concurrency makes programming problems harder; the high level of concurrency inherent in kernel development is one of the reasons why kernel work can be challenging. Things can get even worse, though, if concurrent access happens in places where the code is not expecting it. The long story accompanying this short patch from Christian Brauner is illustrative of the kind of problem that can arise when assumptions about concurrency prove to be incorrect.
Within the kernel, struct file is used to represent an open file. It contains the information needed to work with that file, including an extensive operations vector, a reference count, a pointer to the associated inode, the current read/write position, and more. Since there can be multiple references to an open file, there must be a way to serialize access to this structure. The f_lock spinlock is used in most cases, but there is also a mutex called f_pos_lock that is used for access to the file position.
Acquiring and releasing locks has a cost of its own. Many I/O operations affect the file position, so an I/O-intensive workload can end up repeatedly taking and releasing f_pos_lock, increasing the overhead imposed by the kernel. As it happens, though, having multiple references to an open file is a relatively rare occurrence. If there is only a single reference to a given file, concurrent access to the file position cannot happen and that lock overhead is wasted.
One of the longstanding strengths of Linux, and a key to its early success, is its ability to interoperate with other systems. That interoperability includes filesystems; Linux supports a wide range of filesystem types, allowing it to mount filesystems created by many other operating systems. Some of those filesystem implementations, though, are better maintained than others; developers at both the kernel and distribution levels are currently considering, again, how to minimize the security risks presented by the others.
The fchmodat() system call on Linux hides a little secret: it does not actually implement all of the functionality that the man page claims (and that POSIX calls for). As a result, C libraries have to do a bit of a complicated workaround to provide the API that applications expect. That situation looks likely to change with the 6.6 kernel, though, as the result of this patch series posted by Alexey Gladkov.
In the previous report, it was mentioned how Linux's creator, Linus Torvalds, expressed his disappointment towards the feature, calling it a "plague" for the Linux kernel. His views gained huge traction in the industry, ultimately leading the company to step in and resolve the issue. As disclosed by Phoronix, the red team has now disabled the RNG for all fTPMs authoring the patch today.
Are you a Debian 12 user who’s passionate about safeguarding your system against unexpected hiccups and disasters? Look no further, because Timeshift is here to save the day! Timeshift is a fantastic tool that allows you to create and restore system snapshots effortlessly.
One of the things you could say about log messages from programs is that even a program doesn't want to commit to long term stability of its log messages (which I think it shouldn't), it should be able to document a list of the messages for any particular release. Then system administrators and other parties could go through the documentation with some confidence to build log parsing and matching rules for the current version.
Incident Response is a systematic method for addressing and managing security incidents in organizations, focused on minimizing and investigating the impact of events and restoring normal operations.
When an incident is spotted, typically by an alert or observation, response teams swing into action to address any damage and prevent it from spreading. They may disconnect infected systems, disable services, or prevent suspicious connections. Response teams also conduct an investigation into the incident, gathering evidence and studying the causes in order to determine the nature of the threat and any vulnerabilities exploited. Communication is critical, with response teams keeping everyone informed, including management, IT staff, victims, law enforcement agencies, and other stakeholders.
What we can do to improve the TOFU situation is to publish the server's SSH fingerprint over DNS, so when you connect, SSH will try to fetch the fingerprint if it exists and compare it with what the server is offering. This only works if the DNS server uses DNSSEC, which guarantees the DNS answer hasn't been tampered with in the process. It's unlikely that someone would be able to simultaneously hijack your SSH connection to a different server and also craft valid DNSSEC replies.
But there's a new(er) compression algorithm called Brotli (br). It's Better, Faster, Stronger, Harder than gzip. Mostly.
Files management is an important skill for everyone who utilizes storage devices for whatever reason. File recovery tools for instance are crucial utilities you need to understand especially how they are used in Linux.€
A good data recovery tool gives you an opportunity to recover deleted files in Linux including getting you out of many other data loss situations. Whether you are dealing with a corrupted or wiped hard disk in Linux, a well-prepared Linux administrator ought not to worry about any eventuality. In this guide, you will learn some of the commonly used recovery solutions for Linux.€
Most people continue to face data recovery challenges across the world. Like those using Windows computers, Linux users are not left behind in these challenges. Some of the issues you could have faced before looking for this article include emptied trash on Linux, corrupted drive, deleted files, and damaged device.€
However, you should not be worried as there are multiple methods you can try to fix such challenges. These fixes include using data recovery software. While there are equally many software in the market you can use today, we will explore this list of reliable open-source recovery software for data recovery on Linux. Read on to learn how to navigate a data recovery tool on Linux with a focus on open-source software.
This tutorial shows you how to easily set up a web, email and DNS server with ISPConfig 3 using the ISPConfig auto-installation script.
It's common knowledge that SSH connections are secure; however, they always had a flaw: when you connect to a remote host for the first time, how can you be sure it's the right one and not a tampered system?
When run on Debian stable, FreedomBox has an optional feature called “Frequent Feature Updates”. If this feature is enabled, it has 2 effects: [...]
Adding a database to your application ensures data integrity and security. PostgreSQL (Postgres) is a Structured Query Language (SQL) database management system that you may want to consider.
Postgres supports most of the popular operating systems and is compatible with modern programming languages. Postgres also handles various data and document types. With SQL skills in high demand, learning to configure and use PostgreSQL is an advantage.
You'll learn how to install, configure, and use Postgres in a Django application. You will also test the functionality of the database by adding, storing, and retrieving data from the database.
Many technical professionals would like to write a book sharing their knowledge and experience, but most haven't. It's not from a lack of ideas or experience with technical subject matter. Instead, they just don't know how to turn their idea into an actual published book. The publishing world seems as mysterious and inaccessible to many technology experts as technology seems to many in publishing.
Linux lets you control everything and that’s one of the reasons why almost every service in the world runs on servers that are managed using Linux. This pinpoint control is not only available on servers but also to users who use Linux distros on a daily basis. One of the advantages of having control is you could limit other users in Linux to how much information and files they can access, and if you didn’t already know you could do that, here’s how to change the ownership of a directory in Linux.
Unzipping files is one of the basic things every operating system out there can do. Each has its own way of doing it and Linux is no different. While you may think unzipping files in Linux might require you to have a degree in rocket science, you’d be wrong and while you could unzip files from the command line, there are lots of GUI apps that can also unzip files with ease. Hence, in this article, let’s look at how to extract or untar ZIP or TAR files on Linux.
Might be finally time for me to play through Resident Evil Village thanks to the Resident Evil: Decades of Horror - Village Edition Bundle from Humble Bundle that's now live. Seems like a pretty good deal if you're a fan of action horror games.
Vagrus - The Riven Realms is a narrative-heavy RPG that mixes in exploration, turn-based combat, resource management and more. As of the latest upgrade it's also now Steam Deck Verified.€ This is a game for people who like things a bit slower, as it's not constant action and does require quite a lot of thoughtful reading, the world is also really interesting.
The OpenRA developers are steadily working towards the next stable releasing to continue supporting Red Alert, Command & Conquer and Dune 2000 on modern platforms with full cross-platform play.
Ready for the next bigger patch for survival game Valheim? Developer Iron Gate has a new public test available with lots of fixes. This is not a content focused patch, that's still to come a while later, this is just to clean up issues players have been reporting.
As you know, even with a “simple” language like Python, porting a desktop application to a new version of GTK can be a pretty significant amount of work; doubly so when it is accompanied by major refactoring of the app itself at the same time.
In Getting Things GNOME‘s case, this has been over a year in the making, for various technical and personal/life reasons.
GNOME is known for its sleek and user-friendly design; with extensions, you can take it a step further. These extensions are like plugins that enhance various aspects of your desktop environment. Let's dive into the top 20 GNOME extensions that cater to different needs and preferences.
I am pleased to be writing today’s blog post from a laptop running Ares OS. I am writing into an ed(1) session, on a file on an ext4 filesystem on its hard drive. That’s pretty cool! It seems that a lot of interesting stuff has happened since I gave that talk on Helios at FOSDEM in February.
The concept behind RISC-V is truly exciting and, if it's actually able to take off, it might change the tech landscape considerably. Unlike ARM and x86, RISC-V is a completely open architecture, allowing anyone to create processors based on the design or create improvements without complicated licensing agreements. Now, Debian is officially adding RISC-V support in its next major version, version 13.
Debian 13, codenamed Trixie, will come with official support for the RISC-V architecture. While it was already possible to run Debian on RISC-V hardware, versions of Debian compatible with the architecture were technically unofficial ports. Version 13 of the operating system will be the first one to officially support the open architecture, something that represents a big win in its believers' efforts to eventually make it mainstream. Debian is already available in a range of both conventional and non-conventional CPU architectures, from the old-fashioned x86 and ARM to more niche things such as MIPS, PowerPC, and IBM Z. Debian support would also make it easier for downstream Linux distributions to add RISC-V support, such as Ubuntu Linux and its many derivities.
If you've used Linux long enough, chances are good you've heard of a rolling release, which is a distribution that is constantly up to date. Thanks to a continuous stream of updates, instead of having to upgrade from one major release to the next, it's all taken care of in the normal upgrade process.
Rhino Linux brings this to Ubuntu.
Rhino ships with a customized version of Xfce (version 4.18), called Unicorn, and uses a package manager called Pacstall, which is similar to Arch's AUR. Pacstall is a meta-package manager that combines apt, pacstall, flatpak, and snap into an easy-to-use GUI. There is also a customized Calamares installer and an app called Your System, which is a GUI tool that allows you to view system information at a glance.
“These were either not labeled at all or made up of components that weren’t sold for the past five or six years. The company that had originally done the software and integration was out of business,” said Kulakovich. “The operating system was Linux, but it was installed in French. The notes for the components were in Chinese. But not all the notes — some were in French,” he said, noting that the name of the Linux distribution “wasn’t Ubuntu, it was L’Ubuntu.”
Imagine if – as a job applicant – you could put yourself right in front of the hiring lead, and tell them, in your own words, in your own time, without interruption or distraction or pressure, why you think you’d be an excellent person for the role.
What kind of applicant would benefit the most?
In the realm of single board computers (SBC), YouYeeToo has unveiled a new development board: the all-new YY3568 SBC. This innovative piece of technology is powered by the RK3568 Arm SOC and boasts up to 16GB of RAM. It’s a versatile machine, capable of running both Android and Linux, making it a powerful tool for developers and tech enthusiasts alike.
The YY3568 ARM Development Board is based on the Rockchip RK3568 Quad Core A55, a processor designed specifically for AIOT. This board is not only powerful but also customizable, with RAM and storage options ranging from 2/16GB to 4/32GB. It also features a variety of SoM connectors, including MXM 3.0 and 314Pin, and supports WIFI & BT via M.2 E-Key PCIe 2.0.
ORANGE SLIDESHOW, A RASPBERRY PI SLIDESHOW PORT FOR ORANGE PI 3 LTS About | Download and use | Donation | Faq | Changelog | Orange Pi 3 LTS Orange Slideshow is focused on quick-to-set-up image and video slideshows for the Orange Pi 3 LTS micro computer lineup. (the image is just an example of what […]
Bob from TheKeebProject has created an RP2040 PCB capable of running Doom inside a keyboard keycap.
In this case, that sensor data comes from an ultrasonic rangefinder mounted to the front of the 3D-printed robot. An Arduino UNO R4 Minima board receives that data and controls the robot’s two motors through H-bridge drivers. That hardware is very straightforward so that Soileau could focus on the PID control. Tuning that is all about balancing the three constant values to get the desired performance. Soileau spent some time working on the Arduino sketch to get the PID control integrated and was eventually able to make the robot act like it should.
It’s been more than five years since the Spectre and Meltdown processor vulnerabilities sparked a wave of revisions to computer chip designs across the industry. The flaws represented specific bugs but also conceptual data protection vulnerabilities in the schemes chips were using to make data available for processing more quickly and speed that processing. Intel has invested heavily in the years since these so-called speculative execution issues surfaced to identify similar types of design issues that could be leaking data. But the need for speed remains a business imperative, and both researchers and chip companies still find flaws in efficiency measures.
This latest vulnerability, dubbed Downfall by Daniel Moghimi, the Google researcher who discovered it, occurs in chip code that can use an instruction known as Gather to access scattered data more quickly in memory. Intel refers to the flaw as Gather Data Sampling after one of the techniques Moghimi developed to exploit the vulnerability. Moghimi will present his findings at the Black Hat security conference in Las Vegas on Wednesday.
Krejci’s design only has an 8Ãâ8 resolution, which is the maximum native output of the AMG8833 infrared sensor array. By conventional digital camera standards, that is too low to be usable. But it is enough for some simple tasks you might want to perform with a thermal camera. At that resolution, the device will act almost like a non-contact thermometer that shows you 64 points. You can identify hot IC chips and even see large thermal currents.
I’ve been sitting here for years trying to ignore the increasingly awful IBM Red Hat situation, but now it is starting to affect Fedora. Distributions that have 3-4 people maintaining them have native packages for LibreOffice, and now it is the IBM Red Hat position that they need those “developer hours” (how many hours do they spend sending updates to a build bot?) fixing Wayland, which has routinely broken the ABI for little or no reason, as the developers themselves now openly admit to on the mailing lists.
They’re pressuring people to add FlatHub and then when they do it’s like all sorts of horrible things you didn’t want to see in your software center, like Microsoft Edge, the backdoored password stealer.
Flathub is also a security hazard itself, like Snaps are. Snaps already had some malware incidents like bitcoin miners. They don’t care if the software is proprietary. Just dump it in there, and when they can’t review it some poor user always ends up cleaning up the mess.
It’s interesting how Codes of Conduct only send other people to the Death Camp of Tolerance, isn’t it?
They harbor worse than Walter deep inside the Fedora community.
Homophobes, transphobes, etc. They don’t punish them at all. It seems the only thing they do care about is users with technical complaints.
Trail of Bits has developed a suite of open-source libraries designed to streamline the creation and deployment of eBPF applications. These libraries facilitate efficient process and network event monitoring, function tracing, kernel debug symbol parsing, and eBPF code generation.
But only the most hardcore of IBM PC users are still running DOS, and if you have eschewed things like Unix for this command-line operating system this long you might want to try using it to get online in the Fediverse with Mastodon.
However, curl has some lovely features, including the ability to send data with the request. This is normally done using the --data option, but there's a --data-urlencode option too, which will URL encode whatever you pass with this option.
India's government has decided the nation needs an indigenous web browser and has launched the Indian Web Browser Development Challenge (IWBDC) to make it happen.
The Challenge "seeks to inspire and empower technology enthusiasts, innovators, and developers from all corners of the country to create an indigenous web browser." The desired browser will have its own trust store, use a root certificate from India's Controller of Certifying Authorities, and offer "cutting edge functionalities and enhanced security & data privacy protection features," according to the government announcement.
The ability to "digitally sign documents using a [cryptocurrency] token, bolstering secure transactions and digital interactions" is also on the list of desired features, as is suitability for individuals with diverse abilities.
Google Chrome’s built-in translation capabilities are something I find useful. Whenever I load a web page not in my native tongue (which is English, despite what my typos may suggest) the browser asks if I want to translate the content (which, most times, I do).
Thus I’m pretty thrilled to see the Firefox 117 beta is testing a website translation feature of its own.
And as you’d expect Mozilla’s version looks to to a privacy respecting implementation compared to Google’s take.
In the pop-up that appears when you load a web page in a non-default (but supported by the feature) language the browser says that translations happen on your device.
Open source lies at the heart of Mozilla and our Manifesto. Despite its ubiquity in the current technology landscape, it is easy to forget that open source was once a radical idea which was compared to cancer. In the long journey since, Mozilla has helped create an open source browser, email client, programming language, and data donation platform while applying the ethos beyond our code, including our advocacy.
I regularly point people to Tmandry's 2021 post "Contexts and Capabilities in Rust". While nobody is actively working on the design at the moment, it's more because of prioritization than anything else. It seems like it could make certain usage patterns a lot nicer in Rust, and one of those is probably working with custom allocators. I've been working a lot with slab allocators recently, and I'd love it if they were easier to work with in Rust. So I wanted to take a moment to talk about allocators, capabilities as a language feature, and why I believe that would work well.
When you enter in your browser the domain name lemire.me, it eventually gets encoded into a so-called wire format. The name lemire.me contains two labels, one of length 6 (lemire) and one of length two (me). The wire format starts with 6lemire2me: that is, imagining that the name starts with an imaginary dot, all dots are replaced by the length (in bytes) of the upcoming label. The numbers are stored as byte values, not ASCII digits.
In a recent article, we discussed the service level indicator formula:
\(SLI = \frac {\text{good}} {\text{valid}} \times 100\)
Another article discussed the valid. This article talks about the definition of good.
Data analysis often requires preprocessing and transforming data to make it more suitable for analysis. In R, the scale() function is a powerful tool that allows you to standardize or normalize your data, helping you unlock deeper insights. In this blog post, we’ll dive into the syntax of the scale() function, provide real-world examples, and encourage you to explore this function on your own. The scale() function can be used to center and scale the columns of a numeric matrix, or to scale a vector. This can be useful for a variety of tasks, such as: [...]
The tl;dr of this article is: to model latent common causes without having to list them explicitly, condition on the previous observation.
Let’s dig into what that means.
The simple problem with making promises about what your program's logs will contain is that promises create official APIs. Everything you promise about your logs becomes part of your program's functional API, something you've told people that they can confidently use and rely on. If you promise that you'll log certain messages in certain situations and you don't always, you've made this into a bug by definition; if you change what messages you emit in these circumstances in a future version, you've created an API incompatibility.
When it comes to data visualization in R, the par() function is an indispensable tool that often goes overlooked. This function allows you to control various graphical parameters, unleashing a world of customization possibilities for your plots. In this blog post, we’ll demystify the par() function, break down its syntax, and provide you with hands-on examples to help you create stunning visualizations.
I’ve been releasing GoReleaser Pro Nightlies for a while now, but it never had a fixed schedule, and the OSS version never had a nightly release either.
Starting now, the Pro Nightly will be released every Wednesday, and the OSS every Thursday.
Bayes’ Rule is a formula used to update the probability of an event given new evidence. It’s a fundamental concept in probability theory. The formula can be expressed as:
P(A|B) = (P(B|A) * P(A)) / P(B)
The Python global interpreter lock (GIL) has long been a barrier to increasing the performance of programs by using multiple threads—the GIL serializes access to the interpreter's virtual machine such that only one thread can be executing Python code at any given time. There are other mechanisms to provide concurrency for the language, but the specter of the GIL—and its reality as well—have often been cited as a major negative for Python. Back in October 2021, Sam Gross introduced a proof-of-concept, no-GIL version of the language. It was met with a lot of excitement at the time, but seemed to languish to a certain extent for more than a year; now, the Python Steering Council has announced its intent to accept the no-GIL feature. It will still be some time before it lands in a released Python version—and there is the possibility that it all has to be rolled back at some point—but there are several companies backing the effort, which gives it all a good chance to succeed.