Weekly recap of open source and sysadmin related stuff
Recap of week 02 of 2016, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.
Comic by Wumo
If you like this website and want to support it AND get $10 Digital Ocean credit (a VPS 2 months for free), use this link to order: https://www.digitalocean.com/?refcode=7435ae6b8212 (referral link).
Earlier editions can be found here. That page has a special RSS feed for the recaps as well.
News, tutorials and articles
Ford, Mazda, Mitsubishi Motors and Subaru join the Linux Foundation and Automotive Grade Linux. Better have some open source in your computerized murder machine.
Using two factor authentication for SSH. A good article on setting up HOTP two factor auth. Note that SSH keys don't require second auth here because the implementation is with PAM, and SSH keys are before PAM. So, useful when you need to have password authentication on.
An article from a game developer, why they like to write in C. Reliable, fast but also dangerous.
How Nvidia breaks Chrome Incognito mode. Both point at each other, but still, should be fixed.
A very informative and detailed article on AJAX requests using XMLHttpRequest. I sometimes do coding, and this is a very good explanation on the lower level, now I understand what goes on behind a jquery.load().
Dan Luu writes about some really bad Intel CPU bugs in 2015, and how we should expect to see more in the future. Above my level, but still an interesting read.
The US Department of Defense (DoD) is still issuing SHA-1 signed certificates, and using them to secure connections to .mil websites.
Snapper is OpenSUSE's tool to manage BTRFS snapshots. It's a good tool, and enabled by default. I have a machine with OpenSUSE Leap and that creates snapshots at every update and every half hour, so I've used snapper to clean snapshots up. Works like a charm.
Owncloud writes about how they are making upgrading more robust. I use OwnCloud, but only for my contact and calendar sync. File sync is too flaky, I've lost important files due to Owncloud sync issues. Lucky me for having great backups.
Add a Why (reason) to SSH, to better audit log actions.
A neat article on a rather huge (physical) FreeNAS home server build. I like my small Synology which is very power efficient.
There are no secure smartphones. Remember the Baseband? A second PC in your phone, with unlimited NSA and carrier access, spying on you all the time.
Bare metal programming on your Raspberry Pi with Rust. A lot, and I mean a huge amount of code to get a light blinking. In C this would be much shorter and more clear, but then again, C is not a safe language.
Mozilla is shutting down Persona.org. I'm sad that they so blatantly drop and discontinue Persona, since it's a very nice option for authentication on the web.
OMG Ubuntu has a scoop on a convergence device running Ubuntu. It might be a 10-inch tablet with 64-bit ARM processor made by Spanish OEM Bq and might be released at the Mobile World Congress.
Software, hardware and releases
Piet is a programming language in which programs look like abstract paintings.
Ansible 2.0 has been released. Ansible is my favorite configuration management system, easy, written in Python, great documentation and no client required. 2.0 has try/except error handling, a bunch of new Openstack modules and much more good stuff.
Inferno OS for the Raspberry Pi released version 0.5, with support for the 512MB original model B. Interesting research project to port Inferno, a Plan 9-like OS, to the Raspberry Pi.
OpenSSH has a vulnerability which can expose client memory (and thus private keys), in an undocumented experimental feature. Update and add UseRoaming No to your .ssh/config file.
Some Fritzbox AVM models have a buffer overflow remote code execution. Sadly, my ISP provided model as well. Which is a nice thing, since they disabled telnet in a previous firmware without proper notice beforehand. I'm not updating, since I now have my root access back.
Linux Mint 17.3 "Rosa" KDE released, along with the XFCE version.
Equicon posted a PDF describing a legacy train control system in Melbourne. They migrated around twenty PDP-11/84 systems to emulated hardware, without downtime. Pretty cool.
Apple released public betas for OS X 10.11.4 and iOS 9.3. OS X 10.11.4 public beta 1 includes support for Live Photos in the Messages app, password protected Notes and compatibility with iOS 9.3. iOS 9.3 public beta 1 includes support for password protected Notes, a f.lux-like NightShift mode, support for multiple users in educational environments and a variety of new 3D Touch shortcuts.
Veeam backup and replication v9 is released. My windows colleagues are fond of this, as they say, "a million times better than Backup Exec". No experience with it myself.
Linux kernel 4.4 was released. This release adds 3D support in the virtual GPU driver, which allows 3D hardware-accelerated graphics in virtualization guests; loop device support for Direct I/O and Asynchronous I/O, which saves memory and increases performance; support for Open-channel SSDs, which are devices that share the responsibility of the Flash Translation Layer with the operating system; the TCP listener handling is completely lockless and allows for faster and more scalable TCP servers; journalled RAID5 in the MD layer which fixes the RAID write hole; eBPF programs can now be run by unprivileged users, and perf has added support for eBPF programs as well; a new mlock2() syscall that allows users to request memory to be locked on page fault; and block polling support. There are also new drivers and many other small improvements. Here is the full changelog. (via)
The open source video editor OpenShot has released version 2.0 after a few years of no development. It's a nice product to create home videos, like Movie Maker.
ForceBindIP is a freeware Windows application that will inject itself into another application and alter how certain Windows socket calls are made, allowing you to force the other application to use a specific network interface / IP address. This is useful if you are in an environment with multiple interfaces and your application has no option to bind to a specific interface. I want this for Linux.
So you think you can program an elevator? A fun programming challenge in Python.
Exzap released the version 1.3.0 of his Wii U emulator, cemu.
Scribus 1.4.6 was released, with SVG blend support and better PDF exports.
Awkaster, a ray casting demo written in AWK. Or, basically a small Doom/Wolfenstein clone. Amazing!
The Atom text editor has a new release, version 1.4.0. I'm more of a vim and Sublime Text fan myself, Atom feels very slow.
MidnightBSD 0.7.3 released, mostly security fixes.
FreeBSD on the EdgeRouter Lite, without serial port access. Turns out it's just a USB stick, so DD an image and done. Neat small device runs full FreeBSD as a router.
Let's Encrypt has issued over 300K certificates!
Jeff Hoogland released version 0.2.0 of the Moksha desktop. For those unfamiliar, that's an E17 fork used in Bodhi Linux. Low resource usage, but high on special effects.
Talks, videos, slides and podcasts
Mycroft, turn on Netflix.
Geek News Radio episode 4, geeky discussions on Baileys, The Expanse, Fallout 4, the OnePlus X and more.
Some dude opens up an Unlimited set Magic the Gathering pack and finds one of the Power 9 cards, and is very happy with that.
Compromise in Free Software. Discussion with Bryan Lunduke, Richard M Stallman, Aaron Seigo, Swapnil Bhartiya, and Stuart Langridge.
Old Mandrake Linux commercial from 1999
Power a Raspberry Pi Zero via Ethernet (PoE).
A collection of all security conferences of 2015 with videos.
Fun and nifty things and discussions
D&D Meets the Electronic Age.
Since coreutils v8.24, dd has a progress option. Yay, it only took like a million years! I use progress myself since that has been there for some time and works with a lot more programs like cp, mv, etc.
A tip on dealing with jackass customers.
Technically correct is the best kind of correct.
Decoding data hiding in a computer in the movie Star Trek IV. It was a packet radio transmission.
Comments
Big SSH bug this week, nobody died, it was relatively quiet news wise. Last week I had almost 90 links, now around 50...
https://apps.owncloud.com/content/show.php/Mozilla+Sync?content=161793
https://github.com/owncloud/mozilla_sync/blob/master/INSTALL.md
This also looks interesting:
http://www.howtogeek.com/195962/unlock-virtual-desktops-on-windows-7-or-8-with-this-microsoft-tool/
Seriously @Raymii, where do you get the time to collect these amazing weekly recaps?
Thanks a lot!
huh? why do hosts use 2.6.x?
openvz
it doesn't work on a kernel released after 2009?
love these threads (as I do love your blog, so much useful intel...)
weekly thanks given @Raymii - please never give up on this work you do!
This is amazing. Subbed for RSS. Thank you @Raimii !
Old Mandrake Linux commercial from 1999
the video is no more...
Interesting read, thanks.
Re: forcebindip - will iptables -m owner not do what you want? Can match by user/group/process id...
You should rather reference https://hsmr.cc/palinopsia/
Tested and experienced it myself with a GT 730, GTX 650, 820M & HD 7470M.
Let's go back in time, shall we?
http://www.adlerweb.info/blog/2012/06/20/nvidia-x-org-video-ram-information-leak and http://blog.lxgr.net/posts/2013/05/20/uninitialized-buffers-in-opengl/
It affects Linux & Windows and much more than Chrome with Nvidia and AMD cards (magically Intel did well with their drivers and cleaned VRAM).
Thanks for the compliments guys/gals. I mostly read this stuff throughout the week via Reddit and RSS (about 700 feeds). Things I find interesting are saved and once a day I add them to the 'list', which I edit in the weekend and publish.
OpenVZ is old and doesn't support newer kernels sadly.
I'm not sure. Can I start a program, force it and its forks on a specific interface or should I know the PID on beforehand?
Keep it coming.
I need this like my coffee.
@Raymii - I've only used this running processes as specific users - which might be possible for you to set up?
However -
iptables -A OUTPUT -m owner --cmd-owner $my_program
sounds equivalent to what you're describing, or possibly using sessionid instead of processid in order to get all threads of a process:
iptables -A OUTPUT -m owner --sid-owner $session_id
I don't think this works with ICMP (and possibly other stuff), so it won't give you 100% separation - I'd probably just spin up a VPS for that...
Thanks for doing this excellent thing every week. Perfect thing to sit and read on the way into class on Monday mornings