New Intel Chip Exploits Discovered, Instagram Accounts Attacked, Nativ Vita Hi-Res Music Server Has New Features, QEMU 3.0 Now Available and the Debian GNU/Linux Project Turns 25 Tomorrow

News briefs for August 15, 2018.

Three new Meltdown/Spectre-type Intel chip exploits have been discovered
that affect Intel’s desktop, workstation and server CPUs, and they are
especially problematic for containers. ItProToday reports that “The latest
exploits might prove to be particularly troublesome for those using
containers since each container runs on its own implementation of Linux,
which likely means each and every container will need to be patched.
According to Red Hat, ‘every Linux and Kubernetes distribution is impacted.
All organizations deploying containers should consult their
Linux/Kubernetes/containers provider.’” See also the Red Hat blog for more
information.

Instagram accounts are being attacked—even those using 2FA. Mashable reports
that users are being locked out of their accounts, their profile avatars are
being changed and bios deleted. Restoring account access is evidently quite
difficult.

The open platform Nativ Vita Hi-Res Music Server has been updated, adding
serious new functionality, such as multi-room streaming, support of up to
10TB, playing music from a NAS or computer and CD ripping.

QEMU 3.0 is now available. Phoronix reports that this big feature release
brings new functionality and several improvements including “Spectre
V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on
Microsoft Hyper-V, block device support for active mirroring, improved
support for AHCI and SCSI emulation, OpenGL ES support within the SDL
front-end, improved latency for user-mode networking, various ARM
improvements, some POWER9 / RISC-V / s390 improvements too, and various other
new bits.” See the QEMU ChangeLog for details.

The Debian GNU/Linux project turns 25 tomorrow. Source: ITWire.

Source: Linux Journal

Shuffling Letters and Words

You can shuffle your feet and you can shuffle cards, but can you shuffle
characters? Dave’s latest column explores the possibilities.

My last few articles have described building a pretty sophisticated password
generator, except for one thing: I never quite got to the point of
scrambling the end result to add a second level of randomness. I sidestepped
the issue by saying it was an exercise for the reader, but in fact, it’s
a pretty interesting problem, so let’s look at it here.

You can reverse a word with the handy Linux command rev, like so:


$ echo "hello from the other side" | rev
edis rehto eht morf olleh

You also can reverse lines in a file so that the last line is shown first,
penultimate line second, and so on:


$ cat -n test.me | sort -rn | cut -f2-
entering along with him.
enough to prevent a swirl of gritty dust from
glass doors of Victory Mansions, though not quickly
escape the vile wind, slipped quickly through the
chin nuzzled into his breast in an effort to
clocks were striking thirteen. Winston Smith, his
It was a bright cold day in April, and the

You recognize that opening paragraph even though it’s backwards, right?
“Clocks were striking thirteen” can only be George Orwell’s
cautionary tale 1984.

Note: there’s a Linux command called tac that offers a reverse cat, which
would do the job too, but I’ve always loved sort -rn as a command, so
I wanted to demonstrate how to use it in a pipeline to accomplish the same
result.

How about getting the lines of this file, but in completely random order?
There’s a command for that—at least in Linux: shuf. It’s not
available on the Mac OS X command line, however, so if you’re playing
along at home with your Mac system, well, you’ve just hit a road block.
Sorry about that. I offer an alternative at the end of this article
though, so don’t despair!

If you’re on a Linux system (and this is Linux Journal after all), then
check this out:


$ cat test.me | shuf
clocks were striking thirteen. Winston Smith, his
entering along with him.
glass doors of Victory Mansions, though not quickly
escape the vile wind, slipped quickly through the
enough to prevent a swirl of gritty dust from
chin nuzzled into his breast in an effort to
It was a bright cold day in April, and the

So those commands are all ready to go, but how about scrambling letters
in a line? That can be done with the shuf command as demonstrated
previously, but individual lines aren’t quite ready for the shuf treatment.

You can break up words by using the under-appreciated fold command, like
this:
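
An added example, not the column's own listing: one way to scramble the characters of a generated password with fold and shuf, plus a check that no character was lost or changed. The function names and the sample password are made up here, GNU coreutils is assumed, and `--random-source=/dev/urandom` is used because the result is a password.

```shell
#!/bin/sh
# Added example: scramble the characters of a generated password.
# Assumes GNU coreutils (fold, shuf) and a password without newlines.

# Print the characters of $1 in random order.
scramble() {
  # fold -b -w1 puts each byte on its own line, shuf permutes the lines
  # with randomness read from /dev/urandom, tr glues them back together.
  printf '%s' "$1" | fold -b -w1 | shuf --random-source=/dev/urandom | tr -d '\n'
}

# Print the characters of $1 in sorted order, so two strings can be
# compared as multisets of characters.
sorted_chars() {
  printf '%s' "$1" | fold -b -w1 | LC_ALL=C sort | tr -d '\n'
}

# Succeed only if $2 is a rearrangement of $1 (same characters, same counts).
is_permutation() {
  [ "$(sorted_chars "$1")" = "$(sorted_chars "$2")" ]
}

pw='Kx7#mQ2!vB9z'          # constructed sample, not a real credential
mixed=$(scramble "$pw")
if is_permutation "$pw" "$mixed"; then
  printf '%s -> %s\n' "$pw" "$mixed"
else
  printf 'scramble lost or changed characters\n' >&2
fi
```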

Source: Linux Journal

FOSS Software Alternatives to Popular Proprietary Software


A list of FOSS alternatives to popular proprietary software was compiled into what is now a popular infographic by anonymiss@despora.de. We’ve contributed by making a text list of the infographic. Now it’s your turn: tell us what FOSS alternatives you recommend in each category and we’ll add them to this master list.

Google

YouTube

Google Maps

Gmail

Google Play

Facebook

Instagram

WhatsApp

Twitter

Encyclopedia Britannica

Microsoft Windows

Internet Explorer

Microsoft Office

Adobe Photoshop

 

Source: Linux Journal

Git Quick Start Guide

Ditch USBs and start using real version control, and if you follow this guide,
you can start using git in 30 minutes!

If you have any experience with programming or just altering config
files, I’m sure you’ve been dumbstruck by how one change you’ve made along
the line affects the whole project. Identifying and isolating the problem
without a version control system is often time- and energy-intensive,
involving retracing your steps and checking all changes made before the
unwanted behavior first occurred. A version control system is designed
explicitly to make that process easier and provide readable comparisons between
versions of text.

Another great feature that distributed version control systems
such as git provide is the power of lateral movement. Traditionally, a team of
programmers would implement features linearly. This meant pulling the code
from the trusted source (server) and developing a section before pushing
the altered version back upstream to the server. With distributed systems,
every computer maintains a full repository, which means each programmer
has a full history of additions, deletions and contributors as well as the
ability to roll back to a previous version or break away from the trusted
repository and fork the development tree (which I discuss later).

Quick Start Guide

The great thing about git is there’s so little you need to know! Without further ado, let’s begin with the most important commands.

First, I’m working with a previous project of mine located here:


[user@lj src]$ pwd
/home/lj/projects/java/spaceInvaders/src

To create a local repository, simply run:


[user@lj src]$ git init
Initialized empty Git repository in /home/lj/projects/java/spaceInvaders/src/.git/

To add all source files recursively to git’s index, run:


[user@lj src]$ git add .

To push these indexed files to the local repository, run:


[user@lj src]$ git commit

You’ll see a screen containing information about the commit, which allows you to leave a description of the commit:

Source: Linux Journal

Dropbox Ending Sync Support for Uncommon Filesystems, Google Tracks Your Location, NVIDIA Unveils Its First Turing Architecture-Based GPUs, Blackmagic Design Announces DaVinci Resolve 15 and Virtlyst 1.2.0 Released

News briefs for August 14, 2018.

Dropbox recently announced in its forum that it will be supporting only the ext4 filesystem for
Linux starting in November. Here’s the post: “Hi everyone, on Nov. 7, 2018,
we’re ending support for Dropbox syncing to drives with certain uncommon
file systems. The supported file systems are NTFS for Windows, HFS+ or APFS
for Mac, and Ext4 for Linux.” (Source: It’s FOSS.)

The AP reports that Google tracks your location history, even if you turn
“Location History” off. On both Android devices and iPhones, Google stores
“your location data even if you’ve used a privacy setting that says it will
prevent Google from doing so. Computer-science researchers at Princeton
confirmed these findings at the AP’s request.” This Wired post describes how
you actually can disable location tracking.

NVIDIA unveiled its first Turing architecture-based GPUs yesterday at
SIGGRAPH. The press release claims the Quadro RTX, “the world’s first
ray-tracing GPU”, will revolutionize “the work of 50 million designers
and artists by enabling them to render photorealistic scenes in real time,
add new AI-based capabilities to their workflows, and enjoy fluid
interactivity with complex models and scenes.”

Blackmagic Design yesterday announced the release of DaVinci Resolve 15. You
can download this “professional editing, visual effects, motion graphics,
color correction and audio post production software” for free from the
Blackmagic Design site. This release is “a massive update that fully
integrates visual effects and motion graphics, making it the world’s first
solution to combine professional offline and online editing, color
correction, audio post production, multi user collaboration and now visual
effects together in one software tool”.

Virtlyst 1.2.0, a web interface for managing virtual machines built with
Cutelyst/Qt/C++, was released yesterday. According to Dantti’s Blog, this
update includes several bug fixes, including “the ability to warn users
before doing important actions to help avoid making mistakes”. You can
download it from GitHub.

Source: Linux Journal

The Academy of Motion Picture Arts and Sciences and The Linux Foundation Launched the Academy Software Foundation, Linux 4.18 and GNU Linux-libre 4.18-gnu Kernels Are Out, DXVK 0.65 Released and Canonical Live Patch Update

News briefs for August 13, 2018.

The Academy of Motion Picture Arts and Sciences and The Linux Foundation
launched the Academy Software Foundation late last week. The ASF’s mission
is to “increase the quality and quantity of contributions to the content
creation industry’s open source software base; to provide a neutral forum to
coordinate cross-project efforts; to provide a common build and test
infrastructure; and to provide individuals and organizations a clear path to
participation in advancing our open source ecosystem”. Interested developers
can sign up to join the mailing list here.

The Linux 4.18 kernel is out. See this Phoronix post for a list of the best
features of this new kernel.

And, the GNU Linux-libre 4.18-gnu deblobbed version, which removes all
non-free components from Linux, is now available as well. You can find
sources and tarballs here.

DXVK 0.65, a Vulkan-based library for running Direct3D 11 games in Wine, has been released.
According to GamingOnLinux,
the new version provides “better configuration for various games out of the
box”, along with several other fixes.

Canonical recently released a new Linux kernel live patch for all of its
supported Ubuntu Linux operating system releases to address various security
vulnerabilities, including the recent TCP flaw (CVE-2018-5390) and a few
others (CVE-2018-13405, CVE-2018-13094, CVE-2018-1094 and CVE-2018-11506).
Update now if you haven’t already. (Source: Softpedia News.)

Source: Linux Journal

Encrypting NFSv4 with Stunnel TLS

NFS clients and servers push file traffic over clear-text connections in the default configuration, which is incompatible with
sensitive data. TLS can wrap this traffic, finally bringing protocol security. Before you use your cloud provider’s NFS tools, review
all of your NFS usage and secure it where necessary.

The Network File System (NFS) is the most popular file-sharing protocol in UNIX. The protocol is decades old and predates Linux, and
its most modern v4 releases are easily firewalled and offer nearly everything required for seamless manipulation of remote files as
if they were local.

The most obvious feature missing from NFSv4 is native, standalone encryption. Absent Kerberos, the protocol operates only in
clear text, and this presents an unacceptable security risk in modern settings. NFS is hardly alone in this shortcoming, as I have
already covered clear-text SMB in a previous article. Compared to SMB, NFS over stunnel offers better encryption (likely AES-GCM if
used with a modern OpenSSL) on a wider array of OS versions, with no pressure in the protocol to purchase paid updates or newer OS
releases.

NFS is an extremely common NAS protocol, and extensive support is available for it in cloud storage. Although Amazon EC2 supports
clear-text and encrypted NFS, Google Cloud makes no mention of data security in its documented procedures, and major initiatives for
the protocol recently have been launched by Microsoft Azure and Oracle Cloud that raise suspicion. When using these features over
untrusted networks (even within the hosting provider), it must be assumed that vulnerable traffic will be captured, stored and
reconstituted by hostile parties should they have the slightest interest in the content. Fortunately, wrapping TCP-based NFS with TLS
encryption via stunnel, while not obvious, is straightforward.

The performance penalty for tunneling NFS over stunnel is surprisingly small—transferring an Oracle Linux Installation ISO over an
encrypted NFSv4.2 connection is well within 5% of the speed of clear text. Even more stunning is the performance of fuse-sshfs, which
appears to beat even clear-text NFSv4.2 in transfer speed. NFS remains superior to sshfs in reliability, dynamic idmap and
resilience, but FUSE and OpenSSH delivered far greater performance than expected.
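
A sketch of the wrapping described above, as an added example that is not the article's own configuration: a shell script that prints a matching stunnel server and client configuration, the export line and the mount command. The host name, both port numbers, the export path and the certificate paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print matching stunnel configs for an NFSv4-over-TLS tunnel.
# Host name, ports and file paths are assumptions chosen for illustration.
NFS_SERVER="nfs.example.internal"  # hypothetical server name
TLS_PORT=2363                      # TLS listener on the server (arbitrary)
LOCAL_PORT=2323                    # loopback listener on the client (arbitrary)

# Server: terminate TLS, hand clear text to the local NFSv4 port only.
stunnel_server_conf() {
cat <<EOF
[nfs-tls]
accept = ${TLS_PORT}
connect = 127.0.0.1:2049
cert = /etc/stunnel/nfs-server.pem
key = /etc/stunnel/nfs-server.key
EOF
}

# Client: listen on loopback, verify the server certificate chain and its
# host name before any NFS traffic is forwarded.
stunnel_client_conf() {
cat <<EOF
[nfs-tls]
client = yes
accept = 127.0.0.1:${LOCAL_PORT}
connect = ${NFS_SERVER}:${TLS_PORT}
CAfile = /etc/stunnel/nfs-ca.pem
verifyChain = yes
checkHost = ${NFS_SERVER}
EOF
}

# /etc/exports line for the server: stunnel connects from 127.0.0.1 on an
# unprivileged source port, so the export needs "insecure" and should name
# loopback as its only client.
nfs_export_line() {
  printf '%s 127.0.0.1(rw,insecure)\n' "${1:-/export/data}"
}

# Mount command for the client: NFSv4 aimed at the local stunnel listener.
nfs_mount_cmd() {
  printf 'mount -t nfs4 -o port=%s 127.0.0.1:%s %s\n' \
    "$LOCAL_PORT" "${1:-/export/data}" "${2:-/mnt/secure}"
}

stunnel_server_conf; echo
stunnel_client_conf; echo
nfs_export_line
nfs_mount_cmd
```

With this layout, port 2049 on the server should be firewalled from everything except loopback so that clients cannot bypass the tunnel.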

Source: Linux Journal

Weekend Reading: All Things Bash


Bash is a shell and command language. It is distributed widely as the default login shell for most Linux distributions. We’ve rounded up some of the most popular Bash-related articles for your weekend reading.

Create Dynamic Wallpaper with a Bash Script
By Patrick Wheelan
Harness the power of bash and learn how to scrape websites for exciting new images every morning.

Developing Console Applications with Bash
By Andy Carlson
Bring the power of the Linux command line into your application development process.

Parsing an RSS News Feed with a Bash Script
By Jim Hall
I can automate an hourly job to retrieve a copy of an RSS feed, parse it, and save the news items to a local file that the website can incorporate. That reduces complexity on the website, with only a little extra work by parsing the RSS news feed with a Bash script.

Hacking a Safe with Bash
By Adam Kosmin
Being a minimalist, I have little interest in dealing with GUI applications that slow down my work flow or application-specific solutions (such as browser password vaults) that are applicable only toward a subset of my sensitive data. Working with text files affords greater flexibility over how my data is structured and provides the ability to leverage standard tools I can expect to find most anywhere.

Graph Any Data with Cacti!
By Shawn Powers
Cacti is not a new program. It’s been around for a long time, and in its own way, it’s a complicated beast itself. I finally really took the time to figure it out, however, and I realized that it’s not too difficult to use. The cool part is that Cacti makes RRDtool manipulation incredibly convenient. It did take me the better part of a day to understand Cacti fully, so hopefully this article will save you some time.

Reading Web Comics via Bash Script
By Jim Hall
I follow several Web comics. I used to open my Web browser and check out each comic’s Web site. That method was fine when I read only a few Web comics, but it became a pain to stay current when I followed more than about ten comics. These days, I read around 20 Web comics. It takes a lot of time to open each Web site separately just to read a Web comic. I could bookmark the Web comics, but I figured there had to be a better way—a simpler way for me to read all of my Web comics at once.

Source: Linux Journal

Ring-KDE 3.0.0 Released, Intel Debuts 32TB Ruler-Shaped SSDs, OpenEMR Security Issues, PostgreSQL Updates and New Version of Unigine

News briefs for August 10, 2018.

Ring-KDE 3.0.0, a GNU Ring.cx client, has been released. GNU Ring is a
secure, distributed communication platform based on open industry-standard
technologies for audio calls, video conferences, chat, screen-sharing and
peer-to-peer file transfer. This new version of Ring-KDE is a full rewrite
of the app “to use more modern technologies such as touch support, QtQuick2
and KDE Kirigami adaptive widget framework”. When you join GNU Ring, “no
servers or centralized accounts are needed. Beside an optional
blockchain-based way to reserve your username against takeover, nothing
leaves your device”, and Ring-KDE “provides a simple wizard to help you
create credentials or import your personal information from other devices.”
For more info, also visit here.

Intel debuts a totally silent ruler-shaped solid state drive, the Intel SSD
DC P4500. This SSD can store 32 terabytes—“equivalent to triple the entire
printed collection of the U.S. Library of Congress”. In addition, “the
no-moving-parts ruler-shaped SSDs can be lined up 32 side-by-side, to hold
up to a petabyte in a single server slot. Compared with a traditional SSD,
the ‘ruler’ requires half the airflow to keep cool. And compared with hard
disk storage, the new 3D NAND SSD sips one-tenth the power and requires just
one-twentieth the space.”

Several security vulnerabilities were discovered recently in OpenEMR,
developer of open-source electronic health records and practice management
tools, possibly affecting the data of more than 90 million patients. Info
Security Magazine reports that the issues “included nine separate SQL
injection vulnerabilities, four remote code execution flaws and several
arbitrary file read, write and delete bugs. Others included a portal
authentication bypass, unauthenticated information disclosure, and cross-site
request forgery”. Info Security notes that the OpenEMR team has since
patched “most” of the vulnerabilities.

PostgreSQL announces a slew of new releases: 10.5, 9.6.10, 9.5.14, 9.4.19,
9.3.24 and 11 beta 3. The third beta release of PostgreSQL 11 “contains
previews of all features that will be available in the final release of
PostgreSQL 11”. Two security issues and more than 40 bugs are also fixed in
these updates.

Unigine, the Linux-friendly commercial game and professional graphics engine,
has released version 2.7.2. According to Phoronix, this release “has better
importing support for CAD models, optimized texture streaming,
physically-based cameras and lights, an improved particle system,
multi-channel rendering improvements, and various other optimizations and
polishing. Unfortunately, no word on Vulkan support yet for Unigine 2.” For
more info, see also the Unigine Dev site.

Source: Linux Journal