02.02.23

Gemini version available ♊︎

Links 03/02/2023: WINE 8.1 and RapidDisk 9.0.0

Posted in News Roundup at 11:59 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • Server

      • Kubernetes BlogKubernetes Blog: Spotlight on SIG Instrumentation

        Observability requires the right data at the right time for the right consumer (human or piece of software) to make the right decision. In the context of Kubernetes, having best practices for cluster observability across all Kubernetes components is crucial.

      • Container JournalIs Kubernetes Fit For Purpose?

        Are Kubernetes clusters fit to run many of the applications being deployed on them? That question became the focal point of a panel discussion yesterday in Seattle, Washington, hosted by Tetrate, a provider of an instance of the Istio service mesh. Kelsey Hightower, principal engineer for Google Cloud, said one

    • Kernel Space

      • LWNNolibc: a minimal C-library replacement shipped with the kernel [LWN.net]

        The kernel project does not host much user-space code in its repository, but there are exceptions. One of those, currently found in the tools/include/nolibc directory, has only been present since the 5.1 release. The nolibc project aims to provide minimal C-library emulation for small, low-level workloads. Read on for an overview of nolibc, its history, and future direction written by its principal contributor.

        The nolibc component actually made a discreet entry into the 5.0 kernel as part of the RCU torture-test suite (“rcutorture”), via commit 66b6f755ad45 (“rcutorture: Import a copy of nolibc”). This happened after Paul McKenney asked: “Does anyone do kernel-only deployments, for example, setting up an embedded device having a Linux kernel and absolutely no userspace whatsoever?”

      • LWNHiding a process’s executable from itself [LWN.net]

        Back in 2019, a high-profile container vulnerability led to the adoption of some complex workarounds and a frenzy of patching. The immediate problem was fixed, but the incident was severe enough that security-conscious developers have continued to look for ways to prevent similar vulnerabilities in the future. This patch set from Giuseppe Scrivano takes a rather simpler approach to the problem.

        The 2019 incident, which came to be known as CVE-2019-5736, involved a sequence of steps that culminated in the overwriting of the runc container-runtime binary from within a container. That binary should not have even been visible within the container, much less writable, but such obstacles look like challenges to a determined attacker. In this case, the attack was able to gain access to this binary via /proc/self/exe, which always refers to the binary executable for the current process.

        Specifically, the attack opens the runc process’s /proc/self/exe file, creating a read-only file descriptor — inside the container — for the target binary, which lives outside that container. Once runc exits, the attacker is able to reopen that file descriptor for write access; that descriptor can subsequently be used to overwrite the runc binary. Since runc is run with privilege outside of the container runtime, this becomes a compromise of the host as a whole; see the above-linked article for details.

        This vulnerability was closed by having runc copy its binary image into a memfd area and sealing it; control is then be passed to that image before entering the container. Sealing prevents modifying the image, but even if that protection fails, the container is running from an independent copy of the binary that will never be used again, so overwriting it is no longer useful. It is a bit of an elaborate workaround, but it plugged the hole at the time.

      • LWNKernel code on the chopping block [LWN.net]

        Code that is added to the kernel can stay there for a long time; there is code in current kernels that has been present for over 30 years. Nothing is forever, though. The kernel development community is currently discussing the removal of two architectures and one filesystem, all of which seem to have mostly fallen out of use. But, as we will see, removal of code from the kernel is not easy and is subject to reconsideration even after it happens.

    • Graphics Stack

      • LWNX clients and byte swapping [LWN.net]

        While there are still systems with both byte orders, little-endian has largely “won” the battle at this point since the vast majority of today’s systems store data with the least-significant byte first (at the lowest address). But when the X11 protocol was developed in the 1980s, there were lots of systems of each byte order, so the X protocol allowed either order and the server (display side) would swap the bytes to its byte order as needed. Over time, the code for swapping data in the messages, which was written in a more-trusting era, has bit-rotted so that it is now a largely untested attack surface that is nearly always unused. Peter Hutterer has been doing some work to stop using that code by default, both in upstream X.org code and in downstream Fedora.

        A Fedora 38 change proposal to disable support for byte-swapped clients by default in the X server was posted in mid-December. It is owned by Hutterer, who proposed adopting the work he was doing for the X.org server into Fedora. At the time, it was unclear whether the upstream changes would land in time, so the Fedora proposal was contingent on that happening. It turns out that Hutterer merged the changes on January 5, so that would not be an impediment to Fedora being an early adopter of the feature.

    • Applications

      • Petros KoutoupisRapidDisk 9.0.0 now available

        RapidDisk is an advanced Linux RAM Disk which consists of a collection of modules and an administration tool.

    • Instructionals/Technical

      • ID RootHow To Install Brave Browser on Rocky Linux 9

        In this tutorial, we will show you how to install Brave Browser on Rocky Linux 9. For those of you who didn’t know, Brave is a free and open-source web browser developed by Brave Software, Inc.

      • UNIX CopDolphin Emulator on Centos

        It is easily the most popular and best-supported emulator for the console on Linux.

      • UNIX CopHow To Install Kodi Media Server on CentOS 9/ Rocky Linux 9/ AlmaLinux 9

        In this guide, we will show you how to install Kodi Media Server in AlmaLinux, CentOS and RockyLinux servers. Kodi (formerly XBMC) is a free and open-source media player software application developed by the XBMC Foundation, a non-profit technology consortium. Kodi is available for multiple operating systems and hardware platforms, with a software 10-foot user interface for use with televisions and remote controls.

      • UNIX CopHow To Install Mattermost Desktop onCentOS 9/ Rocky Linux 9/ AlmaLinux 9

        In this guide, we will show you how to install Mattermost Desktop on CentOS/AlmaLinux and RockyLinux systems.

      • UNIX CopHow do you install a pacemaker with Apache on RHEL 8?

        A pacemaker with apache high-availability cluster management tool in Red Hat Enterprise Linux 8 that monitors and manages services running on Apache servers. It provides failover capabilities for system failures. Pacemaker combines with httpd using a resource agent.

      • ZDNetWhat are VirtualBox guest snapshots and how do you take them?

        VirtualBox makes it easy to run multiple operating system guests on a single host. One feature you should be regularly using is snapshots. Here’s what they are and how to use them.

    • WINE or Emulation

      • WINE Project (Official)WineHQ – Wine Announcement – The Wine development release 8.1 is now available.
        The Wine development release 8.1 is now available.
        
        What's new in this release:
          - Windows version set to Windows 10 for new prefixes.
          - Many code cleanups that were deferred during code freeze.  
          - Various bug fixes.
        
        The source is available at:
        
        https://dl.winehq.org/wine/source/8.x/wine-8.1.tar.xz
        
        Binary packages for various distributions will be available from:
        
        https://www.winehq.org/download
        
        You will find documentation on https://www.winehq.org/documentation
        
        You can also get the current source directly from the git
        repository. Check https://www.winehq.org/git for details.
        
        Wine is available thanks to the work of many people. See the file
        AUTHORS in the distribution for the complete list.
        
  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • Events

      • Linux Plumbers Conference (LPC)Linux Plumbers Conference: Preliminary Dates and Location for LPC2023

        The 2023 LPC PC is pleased to announce that we’ve begun exclusive negotiations with the Omni Hotel in Richmond, VA to host Plumbers 2023 from 13-15 November. Note: These dates arenot yet final(nor is the location; we have had one failure at this stage of negotiations from all the Plumbers venues we’ve chosen). We will let you know when this preliminary location gets finalized (please don’t book irrevocable travel until then).

    • Programming/Development

      • ButtondownImprove your debugging by asking broad questions

        I recently had to help a friend debug a Word issue where fonts would randomly change to Greek symbols. It got me thinking about theories of debugging in general. At my last job, I was the Debugging Guy.

      • Python

        • LWNPython packaging, visions, and unification [LWN.net]

          The Python community is currently struggling with a longtime difficulty in its ecosystem: how to develop, package, distribute, and maintain libraries and applications. The current situation is sub-optimal in several dimensions due, at least in part, to the existence of multiple, non-interoperable mechanisms and tools to handle some of those needs. Last week, we had an overview of Python packaging as a prelude to starting to dig into the discussions. In this installment, we start to look at the kinds of problems that exist—and the barriers to solving them.

          Our overview just scratched the surface of the Python packaging world, so we will pick up some of the other pieces as we go along. The recent discussions seem to largely stem from Brett Cannon’s mid-November post to renominate himself to the steering council (SC) for the 2023 term; that thread also served to highlight the role of the Python Packaging Authority (PyPA) and its relationship to the Python core developers. Up until relatively recently, the PyPA was an informal organization with a membership that was not well-defined; it had an ad hoc style of governance. That changed in 2019 with the advent of PEP 609 (“Python Packaging Authority (PyPA) Governance”); the PEP formalized the governance of the PyPA.

  • Leftovers

    • James GHappy Groundhog Day

      As of my starting to write this post, there are 25 minutes left until midnight here in the UK. This is the first year that I have actively thought about Groundhog Day throughout the day.

    • ███████ Alert

      The history of everyone’s favorite attempt to keep the suspense going for just a little bit longer, the spoiler alert. People who spoil things are obviously evil. Obviously.


* Gemini (Primer) links can be opened using Gemini software. It’s like the World Wide Web but a lot lighter.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 31/03/2023: Ruby 3.2.2 and Linux Lite 6.4

    Links for the day



  2. Links 31/03/2023: Devices and Games, Mostly Leftovers

    Links for the day



  3. IRC Proceedings: Thursday, March 30, 2023

    IRC logs for Thursday, March 30, 2023



  4. Links 31/03/2023: Ubuntu 23.04 Beta, Donald Trump Indicted, and Finland’s NATO Bid Progresses

    Links for the day



  5. Translating the Lies of António Campinos (EPO)

    António Campinos has read a lousy script full of holes and some of the more notorious EPO talking points; we respond below



  6. [Meme] Too Many Fake European Patents? So Start Fake European Courts for Patents.

    António Campinos, who sent EPO money to Belarus, insists that the EPO is doing well; nothing could be further from the truth and EPO corruption is actively threatening the EU (or its legitimacy)



  7. Thomas Magenheim-Hörmann in RedaktionsNetzwerk Deutschland About Declining Quality and Declining Validity of European Patents (for EPO and Illegal Kangaroo Courts)

    Companies are not celebrating the “production line” culture fostered by EPO management, which is neither qualified for the job nor wants to adhere to the law (it's intentionally inflating a bubble)



  8. Links 30/03/2023: HowTos and Political News

    Links for the day



  9. Links 30/03/2023: LibreOffice 7.5.2 and Linux 6.2.9

    Links for the day



  10. Links 30/03/2023: WordPress 6.2 “Dolphy” and OpenMandriva ROME 23.03

    Links for the day



  11. Sirius is Britain’s Most Respected and Best Established Open Source Business, According to Sirius Itself, So Why Defraud the Staff?

    Following today's part about the crimes of Sirius ‘Open Source’ another video seemed to be well overdue (those installments used to be daily); the video above explains to relevance to Techrights and how workers feel about being cheated by a company that presents itself as “Open Source” even to some of the highest and most prestigious public institutions in the UK



  12. IRC Proceedings: Wednesday, March 29, 2023

    IRC logs for Wednesday, March 29, 2023



  13. [Meme] Waiting for Standard Life to Deal With Pension Fraud

    The crimes of Sirius ‘Open Source’ were concealed with the authoritative name of Standard Life, combined with official papers from Standard Life itself; why does Standard Life drag its heels when questioned about this matter since the start of this year?



  14. Former Staff of Sirius Open Source Responds to Revelations About the Company's Crimes

    Crimes committed by the company that I left months ago are coming to light; today we share some reactions from other former staff (without naming anybody)



  15. Among Users in the World's Largest Population, Microsoft is the 1%

    A sobering look at India shows that Microsoft lost control of the country (Windows slipped to 16% market share while GNU/Linux grew a lot; Bing is minuscule; Edge fell to 1.01% and now approaches “decimal point” territories)



  16. In One City Alone Microsoft Fired Almost 3,000 Workers This Year (We're Still in March)

    You can tell a company isn’t doing well when amid mass layoffs it pays endless money to the media — not to actual workers — in order for this media to go crazy over buzzwords, chaffbots, and other vapourware (as if the company is a market leader and has a future for shareholders to look forward to, even if claims are exaggerated and there’s no business model)



  17. Links 29/03/2023: InfluxDB FDW 2.0.0 and Erosion of Human Rights

    Links for the day



  18. Links 29/03/2023: Parted 3.5.28 and Blender 3.5

    Links for the day



  19. Links 29/03/2023: New Finnix and EasyOS Kirkstone 5.2

    Links for the day



  20. IRC Proceedings: Tuesday, March 28, 2023

    IRC logs for Tuesday, March 28, 2023



  21. [Meme] Fraud Seems Standard to Standard Life

    Sirius ‘Open Source’ has embezzled and defrauded staff; now it is being protected (delaying and stonewalling tactics) by those who helped facilitate the robbery



  22. 3 Months to Progress Pension Fraud Investigations in the United Kingdom

    Based on our experiences and findings, one simply cannot rely on pension providers to take fraud seriously (we’ve been working as a group on this); all they want is the money and risk does not seem to bother them, even when there’s an actual crime associated with pension-related activities



  23. 36,000 Soon

    Techrights is still growing; in WordPress alone (not the entire site) we’re fast approaching 36,000 posts; in Gemini it’s almost 45,500 pages and our IRC community turns 15 soon



  24. Contrary to What Bribed (by Microsoft) Media Keeps Saying, Bing is in a Freefall and Bing Staff is Being Laid Off (No, Chatbots Are Not Search and Do Not Substitute Web Pages!)

    Chatbots/chaffbot media noise (chaff) needs to be disregarded; Microsoft has no solid search strategy, just lots and lots of layoffs that never end this year (Microsoft distracts shareholders with chaffbot hype/vapourware each time a wave of layoffs starts, giving financial incentives for publishers to not even mention these; right now it’s GitHub again, with NDAs signed to hide that it is happening)



  25. Full RMS Talk ('A Tour of Malicious Software') Uploaded 10 Hours Ago

    The talk is entitled "A tour of malicious software, with a typical cell phone as example." Richard Stallman is speaking about the free software movement and your freedom. His speech is nontechnical. The talk was given on March 17, 2023 in Somerville, MA.



  26. Links 28/03/2023: KPhotoAlbum 5.10.0 and QSoas 3.2

    Links for the day



  27. The Rumours Were Right: Many More Microsoft Layoffs This Week, Another Round of GitHub Layoffs

    Another round of GitHub layoffs (not the first [1, 2]; won’t be the last) and many more Microsoft layoffs; this isn’t related to the numbers disclosed by Microsoft back in January, but Microsoft uses or misuses NDAs to hide what’s truly going on



  28. All of Microsoft's Strategic Areas Have Layoffs This Year

    Microsoft’s supposedly strategic/future areas — gaming (trying to debt-load or offload debt to other companies), so-called ‘security’, “clown computing” (Azure), and “Hey Hi” (chaffbots etc.) — have all had layoffs this year; it’s clear that the company is having a serious existential crisis in spite of Trump’s and Biden’s bailouts (a wave of layoffs every month this year) and is just bluffing/stuffing the media with chaffbots cruft (puff pieces/misinformation) to keep shareholders distracted, asking them for patience and faking demand for the chaffbots (whilst laying off Bing staff, too)



  29. Links 28/03/2023: Pitivi 2023.03 is Out, Yet More Microsoft Layoffs (Now in Israel)

    Links for the day



  30. IRC Proceedings: Monday, March 27, 2023

    IRC logs for Monday, March 27, 2023


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts